Data Security

Last updated: 14th July 2016

Data Protection

Capture Education is registered with the Data Protection Act (registration number: ZA173866) and nursery data is not shared with any other organisation. Only nurseries can access their own data.

Data Access

The Capture Education system is updated using HTTPS. This is a certified secure connection. The encryption level used is SSL 3.0, RC4 with 128 bit encryption (High), RSA with 1024 bit exchange.

No other organisation has access to your nursery’s data.

Location of Data and Servers

User identifiable data is held on our servers located in the UK at a SAS 70 type 2 certified site. Non-identifiable binary data is held on our servers located in Ireland at a SAS 70 type 2 certified site.

Data Centres

Our data centres are based in the UK and Ireland at independent locations and use the following security measures:

Physical Security

  • Data centre access is limited to data centre technicians
  • Biometric scanning for controlled data centre access
  • Security camera monitoring at all data centre locations
  • 24×7 onsite staff provide additional protection against unauthorised entry
  • Unmarked facilities help maintain low profile
  • Physical security is audited by an independent firm

System Security

  • System installation using hardened, patched OS
  • System patching is configured to provide ongoing protection from exploits
  • Dedicated firewall and VPN services to help block unauthorised system access
  • Data protection with managed backup solutions

Operational Security – Infrastructure

  • ISO17799 based policies and procedures, regularly reviewed as part of our SAS70 Type II audit process
  • All employees trained and documented information security and privacy procedures
  • Access to confidential information restricted to authorised personnel only, according to documented processes
  • Systems access logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures
  • Independently audited disaster recovery and business continuity plans in place for headquarters and support services

Operational Security – Application Environment

  • Best practises used in the random generation of initial passwords
  • All passwords are encrypted during transmission and while in storage
  • Secure media handling and destruction procedures for all customer data