LearningGrids Security Information

Overview

LearningGrids is a learning environment that includes online folders for both teachers and students. Schools and Colleges may have their own LearningGrids site. Any type of file with the exception of exe files can be stored within the online folders.

WriteOnline is an online word processor designed for education. WriteOnline users are able to save WriteOnline files to their online folders. These are the same folders they access through LearningGrids.

This document details the security and privacy measures that have been implemented to protect these online folders.

Terminology note

Within an organization's LearningGrids site, the organization's Site Manager can decide on what terminology to use for their site. The Site Manager can choose different terms for the following:

  • School
  • Teacher
  • Form
  • Student

In this document we have used the terms listed above. The terms may vary if the Site Manager chooses different terminology. For example, they may want to use 'College' instead of 'School' and 'Tutor' instead of 'Teacher'.

Individual login

Access to folders is controlled by individual login. Both teachers and students need to log in using either their username or their email address, plus their own personal password.

Roles

Site Manager

When the school LearningGrids site is set up, the school must nominate a Site Manager. In order to perform his or her role, the Site Manager has complete access to everything on the site. Only the Site Manager can add teachers and students to the site.

Teachers

All teachers have access to:

  • Their own private folders
  • The folders of all the students
  • The 'school folders' i.e. folders that are shared with other teachers in the school
  • Setting of tasks to students, and communicating with students via comments on the tasks

Students

Students can only access their own private folders and tasks.

Authentication

Authentication is achieved via an SSL certificate using https. This is an industry standard method of encrypting data that is transmitted over the Internet. This method is used by banks and ecommerce sites.

Service continuity

Our servers have a high speed, uncontended internet connection via fibre-optic cable that is close to the main internet backbone. There is a high level of resilience in the connectivity between the servers and the main backbone.

Our servers are protected against power failure by several Uninterrupted Power Supply devices.

The site and servers are fully redundant where if one should fail another takes over.

The WriteOnline application is served via a super high speed 24/7 Content Delivery Network with points of presence around the world.

Firewall protection

Our firewall is regularly updated with the latest firmware, and Internet traffic is regularly monitored for evidence of attempted hacking.

Data Storage

Data is stored in a secure environment protected by continuously monitored security cameras and continuously monitored alarms.

The data from each server is continuously mirrored to another server. If one server fails, another automatically takes over.

In addition, the data is backed up to tape every two days. One backup tape is securely stored offsite every week.

All Uploaded files pass through a virus checker.

Access to data by Crick Software personnel

Personnel are only able to access data that is necessary for their role. A minimum number of staff have sufficient access for them to:

  • Set up and maintain user access to the online folders
  • Give technical support to customers

Access by personnel to the data is by individual login and is only possible from within the Crick Software headquarters in Northampton.

Data Protection Act

Crick Software is registered under the Data Protection Act.