Information Security

How do we keep your data secure?

The key features implemented by School Asset Register to help ensure the confidentiality, integrity and availability of your information are listed below:

  • Certified to ISO/IEC 27001:2013 Information Security Management
  • Certified to ISO 9001:2008 Quality Management
  • All traffic between client and server is SSL encrypted
  • All data held in the EU
  • Regular and encrypted backups of the system are taken and held off site
  • No data is shared with any third-parties unless explicitly asked by you

As mentioned above, Selectamark Security Systems plc, operators of School Asset Register, are accredited to ISO/IEC 27001:2013 which provides requirements for an Information Security Management System.

Our Information Management System includes the following:

Risk assessments
Selectamark has identified an appropriate risk assessment methodology and developed criteria for reviewing and identifying acceptable levels of risk and measures to control risk.

Document control
Selectamark controls documents required by the information security management system in accordance with a defined set of procedures that comply with the requirements of clause 4.2.3 of BS EN ISO 9001:2000

Record maintenance
Selectamark maintains records in accordance with procedures that comply with the requirements of clause 4.2.4 of BS EN ISO 9001:2008

Management responsibility
Selectamark's management is commited to running an effective information security management system which includes defining roles and responsibilities, providing adequate resources, ensuring regular internal audits are carried out and conducting reviews of the system at least once every year.

Resource management
Selectamark shall ensure there is sufficient resources to a) operate the secure asset register in accordance with the reuqirements of LPS1224 and b) maintain the service levels stated in accordance with clause 3.2.16

Event logs
Selectamark logs operations and events to support detection of potential breaches in information security.

Incident response
Selectamark has established and maintains a system for identifying, reporting, investigating and responding to a) unauthorised activity b) security incidents and c) faults.

Internal audits
Selectamark has defined and implemented procedures for conducting internal audits, recording the results of audits and maintaining records of the audits.

Corrective and preventative actions
Selectamark has defined and implemented document procedures for implementing corrective actions to eliminate the cause of existing or previous non-conformities.

Selectamark makes regular and frequent back-ups of all information, and these are encrypted to prevent unauthorised use. Back-up copies are stored at multiple secure locations and tested regularly.

Business continuity
Selectamark has implemented a business continuity procedure to ensure that a) it can operate the secure asset register within 24 hours of a major event/incident that affects the provision of the secure asset registration service occuring and b) minor events/incidents do not undermine its conformity with the service level defined in accordance with clause The continuity plan is tested and reviewed on a regular basis.

If you have any further queries please contact [email protected]