Data Security

SISRA Limited is dedicated to data security and has implemented a number of measures to satisfy even the most security conscious of schools and authorities. If you have any questions regarding any section of our Data Security page, please email security@sisra.com

Data Protection Act

SISRA Limited is registered with the Information Commissioner’s Office and processes data in accordance with the Data Protection Act 1998 and the Code of Practice issued by the regulators of England, Wales and Northern Ireland.

SISRA Analytics

For users of the SISRA Analytics service, SISRA Limited will undertake the following administrative activities in relation to the processing and exchange of candidates’ personal data.

Personal data relating to: candidates’ name(s), grades, gender and special educational needs (SEN) status and a school’s own internal pupil identifier may be collected by SISRA Limited for the purposes of examination results analysis and progress tracking. SISRA Limited may hold some sensitive personal identifiable information such as ethnic codes, but does not hold sensitive personal identifiable information such as a candidate’s date of birth or address.

A candidate’s personal data will only be collected from registered schools/colleges in the context of examination results and progress analysis.
Such data collected will not be used for any purposes by SISRA Limited other than for the administration of the examination results and progress analysis process.

It is recommended that schools/colleges include SISRA Limited within their ‘fair processing notice’ (please see example below).

SISRA Observe

For users of the SISRA Observe service, SISRA Limited will undertake the following administrative activities in relation to the processing and exchange of staff’s personal data.
Personal data relating to staff’s names, employment start date, pay grade and any information that the school deems suitable for collection as part of its observation strategy, may be collected by SISRA Limited for the purposes of assisting the school in analysing observation data. SISRA Limited does not hold sensitive personal identifiable information such as address or date of birth.

Registration number: Z1483633 – Click here to access the Data Protection Register.

Fair Processing Notice

(for SISRA Analytics customers)
SISRA Limited is aware that schools have an obligation to ensure that they are following Data Protection and/or Local Authority guidelines and therefore recommend that schools/colleges include SISRA Limited within their ‘fair processing notice’. The following is an example of a ‘fair processing notice’ entry that existing customers should feel free to use within their school’s notice.

SISRA Limited: The School may send information about learners to a third-party organisation called SISRA Limited for the provision of software products delivered over the internet. The information required by SISRA Limited includes the pupil’s first name, surname, gender, ethnicity, SEN code and other factors such as ‘Pupil Premium’ and ‘Children in Care’ status. SISRA’s services are valuable in helping educational organisations to monitor and improve the quality of education they provide by allowing them to analyse student, class and subject performance in great depth. In addition to the above, the school may request the services of one or more of SISRA’s Data Consultants to visit the school. The purpose of the visit may require authorised access to the school’s management information system (MIS), which could mean access to sensitive personal data. The school will fully supervise any access while the SISRA Data Consultant is on the premises and remain responsible for any data processing that the SISRA Data Consultant might perform.

Data Protection Officer, SISRA Limited, Egerton House, 2 Tower Road, Birkenhead, Merseyside. CH41 1FN

Data Storage

All data uploaded into SISRA services is stored in a private data centre owned and operated by SISRA Ltd for the express use of SISRA services (such as SISRA Analytics and SISRA Observe). Our servers are located in the SISRA head office in Birkenhead, England and are held in a secure area that is only accessible to SISRA data centre staff. SISRA Limited uses a combination of the Secure Hypertext Transfer Protocol (HTTPS) along with the Secure Sockets Layer (SSL) protocol to provide encrypted communication and secure identification of our web servers.

Data Encryption

SISRA Limited uses a combination of the Secure Hypertext Transfer Protocol (HTTPS) along with the Secure Sockets Layer (SSL) protocol to provide encrypted communication and secure identification of our web servers. To see this in action, please visit www.sisraanalytics.co.uk or www.sisraobserve.co.uk most modern browsers should display a padlock icon in the web address (URL) bar, which you can click on to find further certificate information.
The certificate, provided by GlobalSign, should provide users with peace of mind in knowing that all data uploads and reports are transmitted in a highly secure environment.

Shared log-in blocking

SISRA Limited is aware that many other online services provide a generic login that an entire school shares. Obviously this can present schools with many security issues, and so SISRA provides each user with a unique set of login credentials. The setting up and sharing of ‘departmental’ or ‘group’ logins is not permitted, and any simultaneous logging in (with the same login details) flags up a potential security issue to the user. As SISRA Limited provides unlimited users to all member schools, there is no reason for a school to require generic logins.