‘School Life’ uses Amazon Web Services (AWS) cloud infrastructure based in the AWS data centre. This has been designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation, and is protected by extensive network and security monitoring systems as well as School Life’s own monitoring tools.
In addition, the AWS cloud infrastructure is certified against certain security standards and regulations, including ISO 27001 and the PCI Data Security Standard.
All our services are located behind firewalls and only ports and services that are deemed necessary are opened.
Access at server level is restricted to senior members of staff, who ensure that the latest patches and updates are installed, and is only possible across a secure VPN. All data kept on our database servers is encrypted, whilst login to the School Life portal is via strong SHA-2/2048-bit encryption.
Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data centre floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals.
AWS uses the techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.
All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.
The School Life administration system can only be accessed by authenticated users who have been granted the role of staff member.
Only existing staff members or School Life administrators can grant this level of authorisation. User passwords are not stored in the system – a one-way cryptographic hash is created in their place.