IDP Connect Ltd

Education Data Portal

The Educational Data Portal is a cloud-based tool to support the collection, management and dissemination of data on education providers and the learning provision they offer. The portal allows education providers to create and edit their own institution profile according to a standardised data model.

Features

  • CRM system optimised for collection of data from education providers
  • Browser-based back-office for direct user input
  • Public access website with provider and course search
  • Self-registration and onboarding for new users
  • Dedicated service desk for provider enquiries and technical support
  • Service desk verification, validation, and data quality checks
  • Third-party integration, including Companies House, Royal Mail, Edubase
  • Integration with education sector using the UK Provider Reference Number
  • XML Webservices for real-time data dissemination
  • Highly available and secure application and infrastructure

Benefits

  • Simple interface allows quick and easy data updates
  • Accessible feeds allow data to be easily shared and disseminated
  • Service-desk assisted process to ensure complete and accurate data
  • Standardised data structure to facilitate data use
  • Use of UKPRN allows data sharing across UK education sector

Pricing

£0.4 per unit per month

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

5 7 3 3 1 9 7 5 4 0 5 1 3 9 1

Contact

IDP Connect Ltd

Thomas Paterson

0207 384 6070

thomas.paterson@idp-connect.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
N/A
System requirements
  • Public internet connection
  • Internet browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
24 hours Monday to Friday, excluding public holidays
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The Education Data Portal includes a dedicated Service Desk to provide user support and technical assistance via email and telephone. There is no additional charge for the Service Desk support. In addition to the support outlined above, the Service Desk also provides a proactive data quality and verification service for all providers. The Service Desk is available 8.00am to 5.30pm Monday to Friday, except public holidays.

24 hour infrastructure support is available to support the highly available architecture.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Education providers can self-register on the portal via a simple three-step process. Each application is verified by the Service Desk prior to activation.

Once approved, support and training for providers is available online via the website, and with the Service Desk via email and phone.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users can request a CSV extract of all their current and historical data viathe Service Desk.
End-of-contract process
At the end of the contract, all data is provided to the user as part of the exit arrangements. All relevant data is removed from the Portal itself.

Additional support in managing exit arrangements and transitioning to new service is charged as per the SFIA Rate Card.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
The Education Data Portal API is a read-only interface for real-time access access to the data contained on the Education Data Portal. The SOAP XML interface provides full access to all publicly accessible data on the Portal through a variety of search parameters.

We support the API on-boarding process, providing documentation and technical support for users.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation of the Education Data Portal can be provided on request for clients, stakeholders, and users.

Scaling

Independence of resources
The Education Data Portal has built-in redundancy to allow for elastic usage during peak periods. Load testing is performed on all new developments to ensure that the Portal can handle high levels of concurrency.

Analytics

Service usage metrics
Yes
Metrics types
Service usage metrics are provided to clients and stakeholders on a weekly and monthly basis. Metrics include:

Overall data summary, including total number of providers, broken down by type.

User activity metrics, including number of new registrations, user activity (data updates), number of de-activations.

Website usage, including number of visits number of searches, etc.

API usage, including number of requests, type of requests.

Service Desk usage, including number of emails and telephone calls.

Availability and performance, including uptime and any associated incident reports.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data can be exported from the Education Data Portal via the SOAP XML API or by CSV download. All publicly available data can be exported via the API and CSV download. Users need to authenticate with the application prior to bulk downloading the data.
Data export formats
  • CSV
  • Other
Other data export formats
XML
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Uptime of the Education Data Portal is guaranteed up to 99.99% within core hours (8am to 10pm), and 98% outside of these hours. Discounts are available for lower guaranteed availability.

Service credits are available for any given month where the agreed guaranteed availability is not met.
Approach to resilience
Information on the resilience of the Education Data Portal infrastructure in available on request.
Outage reporting
Outages are reported to clients through an agreed communication plan, which includes email alerts to key stakeholders and regular updates until the incident is resolved.

End users will see a service message on the Education Data Portal website outlining the impact of the outage.

The Service Desk follows an agreed outage procedure to respond to issues arising from the outage.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
The Education Data Portal uses role-based authentication to restrict access to the management and administration areas of the tool.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
http://approachable.uk.com/
ISO/IEC 27001 accreditation date
31/10/2017
What the ISO/IEC 27001 doesn’t cover
The full Education Data Portal service is covered by ISO27001
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security policies were developed in line with our ISO27001 accreditation. The Chief Technology Officer takes overall responsibility for information security, and chairs the Security Forum which includes representatives with responsibility for data protection legislation, IT network and infrastructure, IT application development, and human resources. The Security Forum is responsible for understanding the information security landscape, identifying potential security issues affecting our services, and putting in place proactive and remedial measures to ensure that all services are secure and that the data we handle is processed and stored appropriately.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes requests, bugs, and defects are logged within our issue tracking software. Agreed enhancements and fixes are developed into a set of requirements for the technical teams to implement. All changes are subjected to robust security and functionality testing in a pre-production environment. Once approved, changes are released to the live environment through a controlled release management process. The complete configuration and change management process is managed in accordance with our ISO9001 and ISO27001 Policies and Processes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Proactive monitoring of industry communications helps us identify vulnerabilities within the Education Data Portal. Issues are raised and assessed through in accordance with our ISO27001 policies and processes.

Once assessed and tested on a pre-production environment, high priority patches and fixes are applied immediately.

The Education Data Portal is subject to regular penetration testing to identify areas of the infrastructure and application vulnerable to emerging threats. Findings from the tests are fed into our change management processes, which prioritises security enhancements.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Firewall and application monitoring is an integral part of the Education Data Portal, and will proactively alert the technical teams to potential issues such as denial of service attacks, suspicious network activity, and brute-force application attacks. Once identified, changes such as revoking access rights or blocking IP addresses are made immediately.
Incident management type
Supplier-defined controls
Incident management approach
Incidents which cause service failure or significant degradation are logged and processed in accordance with our ISO9001 policies and processes. Features include impact assessment, communication plans, disaster recovery, and defect resolution. Users can report issues to the dedicated Service Desk via email, telephone, or online form.

Weekly incident and service level reports are provided all stakeholders.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.4 per unit per month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑