Security
The security of schools' data is obviously very important to us.
This page acts as a hub for information about the security of MINTclass.


It is broken down into 5 sections:


MINTclass security overview
Data
MINTclass hosts all data on servers based in the UK, held with a company called Memset.  For more information about Memset, see their section below.  Any data provided by a school to MINTclass is stored in separate databases.  Each school has its own database with separate user access accounts.  This database can only be reached by using the school's unique MINTclass subdomain.  Database selection commands are run before anything else in the system upon navigating to a valid school subdomain.  Data in databases is encrypted at rest and decrypted on demand.  Web communication with the site is protected by an SSL certificate and is configured in a highly secure manner, giving us an A+ rating on the Qualys SSL Labs test.

Data transfer
We offer a few methods of transferring data from your school MIS into the MINTclass system.  We have two automated extractors and a CSV upload method.  All communication with extractors is protected by the same highly secure SSL connection.  More information about our data extractor partners is given below.

User access
Account provisioning is managed by the school.  Accounts can be provisioned automatically by using an MIS extractor to get information from your MIS into MINTclass, or added manually using the admin interface.  User accounts are secured by a username and password combination, secondary security questions, and IP tracking.  User access can also be controlled using Active Directory or by integrating with Frog.  Account login activity is logged and monitored for unusual activity, and hardware level firewall blocks are deployed for repeat offenders.  Account access levels are split into three main groups with a sub group for SEN, with access restricted depending on level.  The admin section can additionally be secured to an IP or IP range of the school's choosing.

Backups
Database backups are performed nightly and are sent to Memset storage servers.  At no point does the data leave the Memset network; it remains within their firewalls at all times.  The data in the databases is encrypted, and therefore so are the backups.  Retention is for 7 days rolling, with additional monthly and yearly backups held.

Additional security
Access to the server file system is restricted by both software and hardware level firewalls.  The firewall is incredibly restrictive, with only the required ports open.  The server itself runs no services beyond those required for web server operation, and automatic updates run nightly.

Automatic vulnerability scans are performed on the server monthly, giving us a full report of any security breaches.  Any action recommended is taken within 24 hours of receipt of this report.

Yearly manual external and internal penetration tests are performed.

Continuous monitoring software is deployed on the server, which alerts both us and Memset to threats detected.  Action is taken immediately for any high risk threats.


Memset - Hosting providers for MINTclass
We chose Memset over any other company to host MINTclass based on their track record of uptime and security.  They invest heavily in security and as a result have recently become certified to provide government services.
We take advantage of a fully managed support agreement with them which means that any support queries are answered in a timely manner.  We also use their full security suite of systems for the prevention and detection of security breaches.

The key points of their security setup are as follows:

  • ISO 27001:2013 certified hosting services and data centres
  • ISO 9001 and 14001 certified
  • PSN accredited to provide Official services over PSN Protected
  • Accredited to provide Official classified services via encrypted PSN overlay


More information can be found on their website, Memset.com


MIS Data extraction tools
When we started out the only method of getting data from the school MIS into MINTclass was via CSV upload.  Some schools still use this method as they use an unsupported MIS or they simply prefer it that way, as it gives them full and complete control over what data we receive.  Because a CSV export is such a flexible way of getting data to us, when we approach 3rd party data extraction tools with our requirements we are often told that what we need cannot be done as it is too complex.  Thankfully, however, we have found some that are able to get the wealth of information our schools demand.


CSV Upload

This method is arguably the most secure, in that you know exactly what you send to us and when you send it.  The transfer is done manually over a fully SSL-protected connection to ensure security.  It requires a good level of knowledge of your MIS and a decent knowledge of Excel in order to manipulate the extracted CSV into the format we require to upload.  Full training on this is provided.


ZiNET


ZiNET installs onto a school computer that has access to the MIS server; it does not have to be the MIS server itself.  The service runs in the background as a nightly job, which runs exports from your MIS to MINTclass over an SSL connection to a secure and unique endpoint.  Exports can also be run manually on demand if need be.
More information can be found on their website, zinethq.com

Information on exactly what data they extract can be found on the following page showing a live representation of the data objects retrieved.

ZiNET Data Specification


Groupcall Xporter & Xporter on Demand (XoD)

Similarly to ZiNET, Groupcall Xporter installs on school computers with access to the MIS server.  If the school already has Groupcall installed then the MINTclass Groupcall executable will install simply as another job.  If the school does not have Groupcall then the install process is equally easy.  Exports run nightly, and can also be manually triggered.
More information can be found on their website, www.groupcall.com

Information on exactly what data they extract can be found on the following page showing a live representation of the data objects retrieved.

Groupcall Xporter Data Specification

Groupcall Xporter Data Sharing Agreement

Groupcall XoD Data Specification

Groupcall XoD Data Sharing Agreement


Groupcall XoD also installs on school computers/servers with access to the MIS.  If the school already has Groupcall Xporter installed, then XoD will install as an emerge job without interfering with anything else.  If the school does not have Groupcall then the install process is equally easy.  Exports run nightly but cannot be manually triggered yet; however, there are plans to add a button for admins to manually run a sync.

More information can be found on their website, www.groupcall.com

FAQs
Please confirm where the data is held and, if off site, details on the procedures that you have in place to ensure that the information is managed so as to comply with Data Protection and child protection legislation.
Data is all held on Memset servers located in the UK - see here for security information: http://www.memset.com/about-us/security/ http://www.memset.com/about-us/datacentre/

What is the schedule for data transfer to Memset and do we have any control over that schedule?
If transferring data via CSV, then you have full control over this schedule.  If using an automated extractor then data is exported nightly, and you have control over when the export happens.

When is the data encrypted in the process of transfer?
The connection is fully over SSL.

Does the data go through your or any other company servers before reaching Memset, other than the ISP’s?
No, the connection is direct from the school to our server over SSL.

We will need a data sharing agreement with yourselves and Memset before the system can be connected.
We can form a data sharing agreement, but Memset would not directly form this agreement with yourselves - it would be with us, and we in turn have the agreement with Memset.

Who manages the accounts and internal data access and how?
The administrators appointed by the school, with support from us.