Help & Support Call: 0330 223 1876 Email: SOCS Login

Help Topics / Admin
Data Security Policy

SSL complies with the Data Protection Act (DPA) and the General Data Protection Regulations (GDPR) and will endeavour to comply with any statutory requirements that might be introduced in the future.

SSL's Department for Education (DfE) self-certification statements, with service and support commitments can be found here.

SSL is registered with the Information Commissioners’ Office (ICO).  A copy of the entry can be found on the register of data controllers here.

Physical Security

  • All SSL staff are reliable and trustworthy and receive appropriate training in data protection and security.
  • SSL controls physical security in relation to the information and personal data that is contained at our facilities and restricts access to locations where people could gain unauthorised physical access to compromise security.
  • All proprietary or confidential information, including personal data, which is contained or stored on computers, has authentication access controls provided by the computer operating system, as well as antivirus and antispyware protection measures (specifically Symantec Endpoint Protection software).  Any data that is contained and stored on manual files is locked up and secure.

Access Control

  • SSL controls access to information and personal data, including existing procedures for authorising and authenticating users as well as software controls for restricting access and techniques for protecting data such as encryption.
  • SSL does not guarantee the integrity or security of any encrypted or unencrypted information disclosed to it or collected by it that is transferred via the Internet.
  • In respect of detection and investigation of security breaches, SSL has in place relevant controls that will alert us to a breach in security. SSL will also investigate any breach of security and take appropriate action.

Personal Data Security

  • Some online services and components provided by SSL, specifically SOCS, rely on personal data to function fully, such as SOCS Co-Curricular and Team Sheet Builder.  In all such cases:
  • Consistent with the UK Data Protection Act (DPA), SSL is the data processor and schools are data controllers.
  • In relation to data transfers between data centres both inside and outside the European Economic Area, SSL guarantees that adequate protection is provided. Specifically data at rest and in transit is encrypted.
  • SSL will not disclose any personal data to any third party.
  • Personal data is deleted immediately on contract cancellation.
  • If an individual requests a copy of their data, it can be provided free of charge.  In such instances, or if an individual complains in respect of processing their personal data, SSL would always notify the data controller of such requests.
  • User access to SOCS is defined and managed by data controllers (the school). Therefore sensitive information, such as contact and medical data, is only accessible to authorised and trusted SOCS user account holders when they are logged in to their SOCS control panel.

Enhanced Security

  • If additional child protection measures are required for public facing websites, the optional SOCS security module adds password protection to team sheets and other public facing web pages such as photo and document repositories.
  • The SOCS sport Team Sheet Builder module can be used to allow the selection of pupils for teams to occur without publication on a school’s dedicated sports website.  Therefore if the school’s policy is not to publish team listings in the public domain the sports departments can still benefit from the time saving features and benefits of the Team Sheet Builder module.