How will I be sure the data from my children will be secure?

The data will be stored secured to the highest international standards.
 
  • Physical security is in compliance with Durham University security procedures
 
  • CEM secure servers are stored in a designated server room.  Access to the server room is by means of a chipped electronic key.  Access to these keys is limited to the CEM Network Manager, two CEM Technicians and the CEM Director of Operations.  Other university staff do not have access to the server room.
 
  • Network security within CEM is based on a layered approach behind various firewalls
 
  • For externally accessible websites that allow access to confidential data, all traffic is via SSL secured connections and all access requires individual usernames and passwords.  All web traffic is logged to a central server where it is regularly analysed.  Servers containing sensitive data are also individually firewalled and, where appropriate, data is encrypted.
 
  • All data shares have permissions locked down to allow access only to users who require it.  All file systems are NTFS again with permissions locked down to only allow access to users who require it.  All database servers require a username and password to gain access with strict limits on the actions that these accounts can carry in place.  All login activity to servers is logged.
 
  • All accounts require regular password changes with varying levels of password complexity in place depending on the role of the account.
 
  • CEM assessment data is used only for bona fide educational research (in which case, only anonymised data are released, identifying neither pupil nor school).  Personal data is not passed on to any third parities.  As well as complying with the Data Protection Act, CEM follows the guidelines of the British Educational Research Association.  Our research is also subject to the approval of the Durham University Ethics Committee.
 
  • Under the Data Protection Act, the data subject can apply to see personal data held on them.  CEM will comply with such requests, subjects to checks for proof of identity.