Policy and Processes:
1. Main DPA 1998 Data Sharing and Processing Document:
This document is intended to explain what is required and what Education Software Solutions will do in relation to the processing of your Data as your Data Processor. Within the document there is a copy of ESS'S ISO 27001 Certificate which confirms that the processes and procedures ESS undertake in relation to your data processing is audited and complies with accepted national standards as a minimum.
Included below are examples of Data Sharing Agreements including the Data Processing Annual Agreement which are discussed within the main Data Sharing and Processing Document and includes the unaltered European Commission model Clauses – used for the transfer of Data outside the European Union.
2. Cloud Software Services for Schools (Supplier self-certification statements with service and support commitments).
When entering into an agreement with a ‘cloud’ service provider, every school/Data Controller has to be satisfied that the relevant service provider is carrying out its data processing as per their requirements (ensuring compliance with the Data Protection Act 1998 (DPA) by the data Controller and also the Data Processor by default).
It is the responsibility of every school to ensure compliance with the DPA. This document is meant to act as an aid to that decision-making process by presenting some key questions and answers that should be sought from any potential cloud service provider.