Help Centre

Frequently Asked Questions

Q. What information is captured/retained from users?

Data that is retained ensures functionality of the service such as Progress tracking (which and how much of a Webinar has been viewed for instance). These are all tied back to a User record, where we store the Users Name, Email address, Role within organisation and some other profile information such as key interests and subjects.

Q. How is information disposed of?

If a request to remove User data is received, users and their associated progress tracking information can be fully removed from the system, but that information would then be irrecoverable.

Q. Can information be downloaded or printed from the system? If so, in what circumstances would this happen?

As the system operates over a web interface & browser, any of your Users could print the pages that they are on. Reports can be downloaded at a School and Trust level to be used alongside the Schools other internal Management Information Systems. Data is only downloaded by NEG staff if they are providing assistance to a nominated contact within a School.

Q. How is your data stored securely?

Electronic data stored within our platform is stored within Amazon Web Services (AWS) with all the necessary data protection policies both at a network, system & human level implemented. Database storage is encrypted within AWS.

Q. How are computers and systems security patched and virus protected?

Internally all NEG endpoints are patch managed under our internal IT policies and our software platforms are kept up to date and deployed regularly.

Q. How do you ensure that unauthorised persons cannot access school data?

NEG staff are manually onboarded to the platform and are always mandated to have Two Factor Authentication enabled when accessing any of NEG’s online systems. Infrastructure and data engineer access is hardware multi factor protected. Penetration tests are carried out regularly on the platform, and all developers working on the platform have long standing industry experience of working on data-critical systems. All actions within the system are audited and we have robust request monitoring to ensure that the system is not nefariously targeted.

Q. What method of encryption is used for data being transferred to the system?

All traffic to and from the platform is encrypted using industry standard Secure Socket Layers (SSL).

Q. How are system backups & disaster recovery managed?

Point in time database restoration is available on a 14-day rolling window with full snapshot backups occurring daily. Database is replicated with failover instances available in other availability regions. Content is backed up across provider. Application is hosted across multiple availability zones, with auto healing infrastructure architecture.

Q. How do you ensure that school data is segregated, to prevent being merged with other organisations?

Hierarchically, data about a School and its users is contained within that schools record. This is handled at an application logic level. The only exception to this is Trusts (School Groups) where certain users with the requisite permissions can act as a manager of schools within their group for the purpose of reporting but this is controlled by strict ACLs.

Q. Where is system data stored?

Platform data is stored in the London region of Amazon Web Services.

Q. Can school data be copied and archived by unauthorised third parties, such as internet archives/robots?

No data that is only accessible once logged in, can be downloaded by any robots.

Q. Does the system have data validation in the fields, to ensure employees do not use the system for purposes other than the stated purpose?

Other than fields such as Name, email and job title/role, there are very few other ‘input’ fields that your staff can fill in, as the system is mostly delivering content.

Q. Can the system index all data for a unique data subject?

All personally identifiable data about a user is stored in one database table and all related items are data are attached from that part of the database (such as progress tracking entries). All records for a unique data subject can be provided upon request.

Q. How do you manage the risk of the system being taken offline maliciously, resulting in the service not being available or in the case of catastrophic failure?

The platform is hosted on auto scaling infrastructure which handles significant spikes in normal traffic usage patterns. Other information pertaining to our defences are in place but commercially sensitive.

Q. What is the identity verification process for users of the system?

School users identify with an email address & password or via Single Sign On with Microsoft 365 or Google. NEG Staff are authenticated with email address, password and two factor authentication.

Q. Has the system been fully tested/accredited to ensure that it cannot be compromised using technical tools?

All content changes have to be conducted via NEG staff who are authenticated with two factor and all code change deployments are peer reviewed by the development team before entering production.

Q. Do you monitor unusual activity and have integrity verification on system code?

We have robust hosting monitoring in place and have automated unit tests covering the codebase that are ran prior to any deployments.

Q. Are any components of the system installed on the school infrastructure, including the use of an app?

Nothing is required to be installed on school infrastructure, other than a relatively modern browser. NEG do have an iOS and Android app available, however these are not required to use the system. They have been fully checked by both the Apple and Google development teams and programmatically talk to the main platform over an API.

Q. What are the details of the bandwidth used by the system for BAU?

Bandwidth usage of browsing the platform will be no different to browsing normal internet sites. Bandwidth usage when viewing a Webinar or Course videos will entirely depend on the quality rate that is chosen by the user.

Q. How many data centers will (potentially) be used to store confidential data?

One

Q. Do you maintain 120 days of log retention?

Different logs are retained for different length of time; Infrastructure logs are retained for minimum of 30 days. Application audit logs are retained indefinitely.

Q. How can the users access their Data?

Via the Hub area.

Q. Do you use our data for analysis? If so, how?

Yes, we analyse which content is accessed across our platform to ensure we continue to curate and deliver relevant, useful content for our users.

Still Can't Find The Answer?

Send Us Your Questions And One Of Our Experts Will Get Back To You