Identity Management (IDM) system and the data it holds
ICT Solutions uses an Identity Management (IDM) system to store staff and pupil credentials and generate a unique username 'Nofolk ID' that can then be used to provision Google (NSIX) email accounts.
The data we hold on our IDM database is taken from a school's management information system (MIS) either via a direct secure link to the MIS using Groupcall Xporter or via manually generated '.tab' export files which are sent to us securely via Anycomms+. The data we store on the IDM is required to ensure a unique match between school MIS data and the accounts which are set up on our IDM system.
What data is held?
-
Person type i.e. staff or pupil
-
School DfE number
-
Legal forename
-
Legal surname
-
Date of birth
-
Teacher number (staff - if recorded)
-
Title (staff - if recorded)
-
UPN (pupils - unique pupil number)
-
ULN (pupils - unique learner number if recorded)
-
Year Group (Pupils)
-
Date Joined
-
Enrolment status (Pupils)
Once an account has been set up on our IDM, each user is allocated a NorfolkID (which is a username that forms their NSIX email address) and password.
How do we use the data?
This information is used to create Google (NSIX) email accounts. The following data is required by Google to set up the Google (NSIX) email accounts:
-
Legal Forename
-
Legal Surname
-
Person Type (staff or pupil)
-
School DfE number
-
Username
-
Password (hashed*)
This data is passed securely to Google to set up new accounts and update existing accounts. The Google account will be updated if there is a change in the user’s password, name, username or a change in the school they are attending.
* Hashing performs a one-way transformation on a password, turning the password into another string of characters called the hashed password. “One-way” means that it is practically impossible to go the other way and turn the hashed password back into the original password. It is therefore a very secure way of passing and storing passwords.
How long is the data stored?
The data is stored on our IDM as long as a record remains live in a school's MIS. For schools which are connected to our IDM via Groupcall Xporter, our IDM will be automatically updated by any changes in your MIS. However, for schools which send in .tab staff and pupil export files to us via Anycomms+ this will rely on exports being sent to us regularly (at least once a month) and whenever there is a change in staff or pupil details at your school. It is paramount that the IDM database remains up to date and reflects any leavers/joiners at your establishment. When an account is deleted from our IDM the only information that is retained is the username (NorfolkID) which is necessary to prevent re-use of it.
Where is the data stored?
The data is stored on a secure server at County Hall and is mirrored in another data centre off site.
How does NCC ensure the safety of the data?
-
All employees are DBS checked, prior to commencing employment
-
Once employed, it is mandatory for all staff members to have to complete a GDPR training course before they can access any systems. They will need to complete the course again at regular intervals afterwards to refresh their knowledge
-
Access to the database is restricted to only those staff members who need access
-
Some of the safeguards we use are firewalls, data encryption, physical access controls and information access authorisation controls.
-
Our network provider (Updata) also pro-actively monitors the network for cyber-attacks etc.
Do we have a Privacy Policy?