Education Data Portal
The Educational Data Portal is a cloud-based tool to support the collection, management and dissemination of data on education providers and the learning provision they offer. The portal allows education providers to create and edit their own institution profile according to a standardised data model.
- CRM system optimised for collection of data from education providers
- Browser-based back-office for direct user input
- Public access website with provider and course search
- Self-registration and onboarding for new users
- Dedicated service desk for provider enquiries and technical support
- Service desk verification, validation, and data quality checks
- Third-party integration, including Companies House, Royal Mail, Edubase
- Integration with education sector using the UK Provider Reference Number
- XML Webservices for real-time data dissemination
- Highly available and secure application and infrastructure
- Simple interface allows quick and easy data updates
- Accessible feeds allow data to be easily shared and disseminated
- Service-desk assisted process to ensure complete and accurate data
- Standardised data structure to facilitate data use
- Use of UKPRN allows data sharing across UK education sector
£0.4 per unit per month
- Education pricing available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
IDP Connect Ltd
0207 384 6070
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||24 hours Monday to Friday, excluding public holidays|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
The Education Data Portal includes a dedicated Service Desk to provide user support and technical assistance via email and telephone. There is no additional charge for the Service Desk support. In addition to the support outlined above, the Service Desk also provides a proactive data quality and verification service for all providers. The Service Desk is available 8.00am to 5.30pm Monday to Friday, except public holidays.
24 hour infrastructure support is available to support the highly available architecture.
|Support available to third parties||Yes|
Onboarding and offboarding
Education providers can self-register on the portal via a simple three-step process. Each application is verified by the Service Desk prior to activation.
Once approved, support and training for providers is available online via the website, and with the Service Desk via email and phone.
|End-of-contract data extraction||Users can request a CSV extract of all their current and historical data viathe Service Desk.|
At the end of the contract, all data is provided to the user as part of the exit arrangements. All relevant data is removed from the Portal itself.
Additional support in managing exit arrangements and transitioning to new service is charged as per the SFIA Rate Card.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|What users can and can't do using the API||
The Education Data Portal API is a read-only interface for real-time access access to the data contained on the Education Data Portal. The SOAP XML interface provides full access to all publicly accessible data on the Portal through a variety of search parameters.
We support the API on-boarding process, providing documentation and technical support for users.
|API documentation formats|
|API sandbox or test environment||Yes|
|Description of customisation||Customisation of the Education Data Portal can be provided on request for clients, stakeholders, and users.|
|Independence of resources||The Education Data Portal has built-in redundancy to allow for elastic usage during peak periods. Load testing is performed on all new developments to ensure that the Portal can handle high levels of concurrency.|
|Service usage metrics||Yes|
Service usage metrics are provided to clients and stakeholders on a weekly and monthly basis. Metrics include:
Overall data summary, including total number of providers, broken down by type.
User activity metrics, including number of new registrations, user activity (data updates), number of de-activations.
Website usage, including number of visits number of searches, etc.
API usage, including number of requests, type of requests.
Service Desk usage, including number of emails and telephone calls.
Availability and performance, including uptime and any associated incident reports.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be exported from the Education Data Portal via the SOAP XML API or by CSV download. All publicly available data can be exported via the API and CSV download. Users need to authenticate with the application prior to bulk downloading the data.|
|Data export formats||
|Other data export formats||XML|
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Uptime of the Education Data Portal is guaranteed up to 99.99% within core hours (8am to 10pm), and 98% outside of these hours. Discounts are available for lower guaranteed availability.
Service credits are available for any given month where the agreed guaranteed availability is not met.
|Approach to resilience||Information on the resilience of the Education Data Portal infrastructure in available on request.|
Outages are reported to clients through an agreed communication plan, which includes email alerts to key stakeholders and regular updates until the incident is resolved.
End users will see a service message on the Education Data Portal website outlining the impact of the outage.
The Service Desk follows an agreed outage procedure to respond to issues arising from the outage.
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||The Education Data Portal uses role-based authentication to restrict access to the management and administration areas of the tool.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||http://approachable.uk.com/|
|ISO/IEC 27001 accreditation date||31/10/2017|
|What the ISO/IEC 27001 doesn’t cover||The full Education Data Portal service is covered by ISO27001|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Plus|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Our information security policies were developed in line with our ISO27001 accreditation. The Chief Technology Officer takes overall responsibility for information security, and chairs the Security Forum which includes representatives with responsibility for data protection legislation, IT network and infrastructure, IT application development, and human resources. The Security Forum is responsible for understanding the information security landscape, identifying potential security issues affecting our services, and putting in place proactive and remedial measures to ensure that all services are secure and that the data we handle is processed and stored appropriately.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Changes requests, bugs, and defects are logged within our issue tracking software. Agreed enhancements and fixes are developed into a set of requirements for the technical teams to implement. All changes are subjected to robust security and functionality testing in a pre-production environment. Once approved, changes are released to the live environment through a controlled release management process. The complete configuration and change management process is managed in accordance with our ISO9001 and ISO27001 Policies and Processes.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Proactive monitoring of industry communications helps us identify vulnerabilities within the Education Data Portal. Issues are raised and assessed through in accordance with our ISO27001 policies and processes.
Once assessed and tested on a pre-production environment, high priority patches and fixes are applied immediately.
The Education Data Portal is subject to regular penetration testing to identify areas of the infrastructure and application vulnerable to emerging threats. Findings from the tests are fed into our change management processes, which prioritises security enhancements.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Firewall and application monitoring is an integral part of the Education Data Portal, and will proactively alert the technical teams to potential issues such as denial of service attacks, suspicious network activity, and brute-force application attacks. Once identified, changes such as revoking access rights or blocking IP addresses are made immediately.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents which cause service failure or significant degradation are logged and processed in accordance with our ISO9001 policies and processes. Features include impact assessment, communication plans, disaster recovery, and defect resolution. Users can report issues to the dedicated Service Desk via email, telephone, or online form.
Weekly incident and service level reports are provided all stakeholders.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.4 per unit per month|
|Discount for educational organisations||Yes|
|Free trial available||No|