Skip to main content

Security & GDPR

The safety of the data stored on the 4Schools system and the compliance of the platform with the General Data Protection Regulation (GDPR) are secure.

4Schools protection mechanisms that ensure compliance with GDPR

Encrypted database: The systems database is encrypted and cannot be surreptitiously copied, as it does not exist locally in a computer at the educational institution.

Encrypted communication: Communications with the system and all transfer of data are fully encrypted.

Access the system through a pair of keys (username/password): Every user has a unique username/key (password) combination that must be used to access the application.

Definition of key (password) lifespans and level of key complexity: The lifespan of the users’ keys (passwords) is defined in the application. No key is valid beyond that time, and users without a renewed key do not have access to the application (access is deactivated).

Classified access to information and data: Users have access only to the data that concerns them.

Classified access to indexes and lists: Users have access only to pre-determined indexes and lists.

Classified access to parents’ and students’ details: Certain fields or information can be made non-viewable for certain user groups.

Definition of user groups: Groups can be defined that share the same rights of access.

Logging: Changes to personal data are permanently logged, so each user’s activity is traceable.

Right to mobility: The 4Schools system can provide a printout or electronic document of any type with all personal and sensitive data for each person in the system.

IP lock per user: 4Schools allows access to the application to be blocked from a specific IP address or a range of addresses.

Users’ roles: Application users can be upgraded at your choice to be authorised to view additional specific information. Any type of editing (or viewing or printing) of sensitive and personal data by non-authorised users can be prohibited.

Sensitive personal data: The display of sensitive personal data can be prohibited for any or all reports, with reference to the user/information level or the classification.

Delete personal data: The complete deletion of a user’s personal data, apart from the information that must be kept as stipulated by law and the rules of operation of the educational institution, can be deleted.

Data storage in the cloud with Microsoft Azure

All 4Schools data and all information entered by the educational institution are stored with Microsoft’s cloud data service, Azure.

Microsoft Azure is a cutting-edge, high-tech data centre, and is trusted by thousands of organisations that manage critical and sensitive data, including banks, governmental organisations, insurance companies, health organisations and telecommunication bodies.

Microsoft Azure provides unique safety guarantees against data loss. Everything stored with Azure is provided in two different locations, with an automatic redirect to the second location should something happen to the first, thus evading even minor losses and providing a full redundancy in the physical materials of storage: all discs, memory hardware and CPUs are provided in multiple instances. Additionally, EPAFOS provides a continuous backup every hour, with 24snapshots of your data every day, for 14 days.

Data safety, data protection, data transparency and data sovereignty are guaranteed by the Microsoft Azure platform through its use of a Security Development Lifecycle (SDL), from its initial design until the provision of a solution.