IDP Connect Ltd

Education Data Portal

The Educational Data Portal is a cloud-based tool to support the collection, management and dissemination of data on education providers and the learning provision they offer. The portal allows education providers to create and edit their own institution profile according to a standardised data model.

Features

  • CRM system optimised for collection of data from education providers
  • Browser-based back-office for direct user input
  • Public access website with provider and course search
  • Self-registration and onboarding for new users
  • Dedicated service desk for provider enquiries and technical support
  • Service desk verification, validation, and data quality checks
  • Third-party integration, including Companies House, Royal Mail, Edubase
  • Integration with education sector using the UK Provider Reference Number
  • XML Webservices for real-time data dissemination
  • Highly available and secure application and infrastructure

Benefits

  • Simple interface allows quick and easy data updates
  • Accessible feeds allow data to be easily shared and disseminated
  • Service-desk assisted process to ensure complete and accurate data
  • Standardised data structure to facilitate data use
  • Use of UKPRN allows data sharing across UK education sector

Pricing

£0.4 per unit per month

  • Education pricing available

Service documents

G-Cloud 11

573319754051391

IDP Connect Ltd

Thomas Paterson

0207 384 6070

thomas.paterson@idp-connect.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements
  • Public internet connection
  • Internet browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 24 hours Monday to Friday, excluding public holidays
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels The Education Data Portal includes a dedicated Service Desk to provide user support and technical assistance via email and telephone. There is no additional charge for the Service Desk support. In addition to the support outlined above, the Service Desk also provides a proactive data quality and verification service for all providers. The Service Desk is available 8.00am to 5.30pm Monday to Friday, except public holidays.

24 hour infrastructure support is available to support the highly available architecture.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Education providers can self-register on the portal via a simple three-step process. Each application is verified by the Service Desk prior to activation.

Once approved, support and training for providers is available online via the website, and with the Service Desk via email and phone.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users can request a CSV extract of all their current and historical data viathe Service Desk.
End-of-contract process At the end of the contract, all data is provided to the user as part of the exit arrangements. All relevant data is removed from the Portal itself.

Additional support in managing exit arrangements and transitioning to new service is charged as per the SFIA Rate Card.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
API Yes
What users can and can't do using the API The Education Data Portal API is a read-only interface for real-time access access to the data contained on the Education Data Portal. The SOAP XML interface provides full access to all publicly accessible data on the Portal through a variety of search parameters.

We support the API on-boarding process, providing documentation and technical support for users.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisation of the Education Data Portal can be provided on request for clients, stakeholders, and users.

Scaling

Scaling
Independence of resources The Education Data Portal has built-in redundancy to allow for elastic usage during peak periods. Load testing is performed on all new developments to ensure that the Portal can handle high levels of concurrency.

Analytics

Analytics
Service usage metrics Yes
Metrics types Service usage metrics are provided to clients and stakeholders on a weekly and monthly basis. Metrics include:

Overall data summary, including total number of providers, broken down by type.

User activity metrics, including number of new registrations, user activity (data updates), number of de-activations.

Website usage, including number of visits number of searches, etc.

API usage, including number of requests, type of requests.

Service Desk usage, including number of emails and telephone calls.

Availability and performance, including uptime and any associated incident reports.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported from the Education Data Portal via the SOAP XML API or by CSV download. All publicly available data can be exported via the API and CSV download. Users need to authenticate with the application prior to bulk downloading the data.
Data export formats
  • CSV
  • Other
Other data export formats XML
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Uptime of the Education Data Portal is guaranteed up to 99.99% within core hours (8am to 10pm), and 98% outside of these hours. Discounts are available for lower guaranteed availability.

Service credits are available for any given month where the agreed guaranteed availability is not met.
Approach to resilience Information on the resilience of the Education Data Portal infrastructure in available on request.
Outage reporting Outages are reported to clients through an agreed communication plan, which includes email alerts to key stakeholders and regular updates until the incident is resolved.

End users will see a service message on the Education Data Portal website outlining the impact of the outage.

The Service Desk follows an agreed outage procedure to respond to issues arising from the outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels The Education Data Portal uses role-based authentication to restrict access to the management and administration areas of the tool.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 http://approachable.uk.com/
ISO/IEC 27001 accreditation date 31/10/2017
What the ISO/IEC 27001 doesn’t cover The full Education Data Portal service is covered by ISO27001
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our information security policies were developed in line with our ISO27001 accreditation. The Chief Technology Officer takes overall responsibility for information security, and chairs the Security Forum which includes representatives with responsibility for data protection legislation, IT network and infrastructure, IT application development, and human resources. The Security Forum is responsible for understanding the information security landscape, identifying potential security issues affecting our services, and putting in place proactive and remedial measures to ensure that all services are secure and that the data we handle is processed and stored appropriately.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Changes requests, bugs, and defects are logged within our issue tracking software. Agreed enhancements and fixes are developed into a set of requirements for the technical teams to implement. All changes are subjected to robust security and functionality testing in a pre-production environment. Once approved, changes are released to the live environment through a controlled release management process. The complete configuration and change management process is managed in accordance with our ISO9001 and ISO27001 Policies and Processes.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Proactive monitoring of industry communications helps us identify vulnerabilities within the Education Data Portal. Issues are raised and assessed through in accordance with our ISO27001 policies and processes.

Once assessed and tested on a pre-production environment, high priority patches and fixes are applied immediately.

The Education Data Portal is subject to regular penetration testing to identify areas of the infrastructure and application vulnerable to emerging threats. Findings from the tests are fed into our change management processes, which prioritises security enhancements.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Firewall and application monitoring is an integral part of the Education Data Portal, and will proactively alert the technical teams to potential issues such as denial of service attacks, suspicious network activity, and brute-force application attacks. Once identified, changes such as revoking access rights or blocking IP addresses are made immediately.
Incident management type Supplier-defined controls
Incident management approach Incidents which cause service failure or significant degradation are logged and processed in accordance with our ISO9001 policies and processes. Features include impact assessment, communication plans, disaster recovery, and defect resolution. Users can report issues to the dedicated Service Desk via email, telephone, or online form.

Weekly incident and service level reports are provided all stakeholders.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £0.4 per unit per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑