The school website security measures we implement for our customers

Protecting our customers

At e4education, we know how important cyber security is to our customers and to our business. We also know that school websites can often be sources of attack for unscrupulous individuals and that, as your website provider, it is our duty to protect your information.

Regular software updates, penetration testing and bug fixes

Our dedicated team of developers work daily to ensure the CMS is not vulnerable to attack. There are measures in place to constantly monitor the systems for any issues, weaknesses and external attacks, with processes in place to respond appropriately if and when required.

Single Sign On (SSO) & 2-Factor Authentication (2FA)

Our schools and trusts can choose to either link their CMS login to an existing in-school account (such as Microsoft) or request that users require an additional level of authentication (e.g. a code sent to their mobile phone) when logging in to confirm user identity.

SSL certificates

Secure Socket Layer (SSL) certificates are used to authenticate the identity of your website and to create an encrypted, secure connection between your website server and the end user’s web browser. If a website URL starts with ‘https://’ then you know it is using an SSL certificate. All of our websites are provided with a free SSL certificate as standard.

Secure and robust network infrastructure

Our CMS has an average Annual Uptime Percentage of 99% thanks to our stringent measures to monitor uptime and minimise any impact to service availability. Our servers are hosted in a data centre which is monitored 24x7x365 by a team of certified security analysts.

Remote daily server backups

Daily server backups are included as part of our comprehensive disaster recovery plan. We also have in-built CMS recovery which is accessible by our customers, so that any page, form, or event deleted within the CMS can be restored for up to 30 days.

Data protection officer (DPO) user role

The DPO role is allocated to one administrator for each website. This role allows customers to view, amend and remove who has a user account within their website. They will receive specific notifications of inactive accounts or items for review.

User manager permissions

Multiple users can have access to maintain the school or trust website. However, we recognise that having too many users with full admin access can cause complications. That’s why we have 3 standard roles within the User Manager (Administrator, Publisher and Writer) as well as the ability to create additional roles which have a unique set of permissions for specific pages or areas of the website. Each user requires their own unique email address and password to access their account and can benefit from SSO or double authentication procedures.

Full removal of personal data

When a user is deleted from the Content Management System all their personal data is stripped from the account. Likewise, when a website contract is cancelled and a customer requests their website to be taken down, we will automatically delete all personal data associated with that website.

Form encryption

Our form functionality is fully encrypted in the database as default. When forms are deleted, all the associated form submissions are also removed. Form entries can be bulk deleted and anything marked as ‘removed’ will be deleted by an automated script.

---

Want to know more about how we support our schools and trusts with their websites or interested to see our content management system in action?