For an overview of how we protect your data, take a look at our website.
We are fully GDPR compliant
To see our full documentation regarding data protection for all our products, including Arbor Insight, Arbor MIS, and MAT MIS, read our GDPR FAQ. This covers all our security features, principles, and processes in a digestible format.
|Third Party service/vendor||Purpose||Relationship||Entity Country|
|AWS Amazon||Servers/High Availability||Supplier||UK|
|Swyft||Customer Support , customer training and customer onboarding||Subcontractor||UK|
|SBS (School Business Services)||Customer training and customer onboarding||Subcontractor||UK|
|Schools ICT||Customer training and customer onboarding||Subcontractor||UK|
|Somerset County Council||Customer training and customer onboarding||Subcontractor||UK|
|Herts for Learning||Customer training and customer onboarding||Subcontractor||UK|
|Entrust||Customer training and customer onboarding||Subcontractor||UK|
|North Yorkshire County Council||Customer training and customer onboarding||Subcontractor||UK|
|Services 4 Schools||Customer training and customer onboarding||Subcontractor||UK|
We help you to protect your data
Arbor MIS also has a number of tools to help you keep your school GDPR compliant:
- Data quality dashboards to help keep personal data accurate
- User login histories can be viewed by headteachers and system administrators for access control
- Role-based, granular permissions so that, for instance, an individual who can see a student’s child protection status cannot necessarily view or edit documents relating to that status
- Two-factor authentication can be enabled for your staff on request, as well as enforced regular password changes (not available for the Parent Portal or Arbor App): Two-factor authentication
- Subject Access Requests made easy with all information about a data subject (whether staff, student or guardian) possible to download with one button: Downloading Profiles
- Data Retention Dashboards for personal records highlight records that exceed data retention timelines, so they can be deleted in bulk: Managing data retention for your MIS data
We have a comprehensive Information Security Management System
We have an ISO 27001 certification, which means our security management is audited annually to the highest international standards. As an MIS provider, we’re very used to handling sensitive information and are an approved government cloud provider on the DfE Cloud Service Providers list.
Although it is extremely rare, if you are concerned there may have been a data breach, please contact us immediately. We will then conduct a thorough investigation.