United Learning Curriculum’s commitment to data security
We have security measures in place to prevent personal data from being accidentally lost, used or accessed unlawfully. We follow strict procedures as to how your personal data is processed, to prevent any unauthorised person from obtaining access to it.
All personal data you register on our website will be located behind a firewall and we will use our strict procedures and security features to prevent unauthorised access to our systems.
Furthermore, we enforce the zero-trust model, and a very limited number of staff have access to customer data, on a need-to-know basis. Those processing your information within United Learning and on our behalf will do so only in an authorised manner.
Is United Curriculum GDPR compliant?
Where does United Curriculum host its customer data?
We are fully cloud-hosted, and your customer data will be stored in UK Azure data centres.
Security to protect your data.
Your data is stored behind a robust FortiGate firewall, and this protection is enhanced by Microsoft cloud security antivirus – Microsoft Defender. A dedicated team is responsible for applying security controls and monitoring with built-in intrusion detection/prevention as part of our FortiGate firewall.
Does United Curriculum have a Data Protection Officer (DPO)?
Yes. Our Company Secretary is the Data Protection Officer (DPO) and is responsible for ensuring that United Curriculum complies with the Data Protection Law. They can be contacted on email@example.com.
Do we have a password policy? If so, what criteria are used in determining the password strength?
We have a mandatory password policy that requires complex passwords of at least 8 characters, including numbers, symbols, and a mixture of upper- and lower-case letters.
What encryption practices are in place?
Data is encrypted at rest, and keys are held by the cloud provider. Encryption is 256-bit AES, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
Do you have processes in place to ensure resilience and disaster recovery?
Your data is stored in Microsoft Azure cloud servers. We build resilience via a comprehensive disaster recovery plan and a cyber incident response plan, which we test annually.
Does your data leave our system for any reason? If it does, how do we carry out risk management of third-party vendors?
Customer data is stored in O365 and will also be held in a CRM in the near future. All third-party vendors are listed in our privacy notice. For all third-party vendors, we carry out a due diligence process, which involves a data protection impact assessment and a cyber security questionnaire.
Do we hold any IT or Security accreditations (e.g., ITIL, ISO27001, Cyber Security Essentials, Cyber Security Essentials Plus)?
We are in the process of applying for Cyber Essentials certification, and this document will be updated once we have obtained it.
Do we conduct internal and external security audits and penetration tests?
We have an internal audit team that carries out regular audits. A penetration test was conducted in July 2023, and we monitor our product for security vulnerabilities automatically as the product grows.