What data does your organisation hold in relation to our school?
OSMIS acts as neither Data Controller nor Data Processor of school data and will responsibly manage information limited to that necessary for the discharge of its obligations under contract - normally limited to contact details and call records for designated service users at each site. These records are held in order to enable OSMIS manage support calls to resolution and to provide management information required under contract. OSMIS maintains this information using the Zendesk CRM system and uses Mailchimp software (with double opt-in enabled) to distribute key information to service users. Our email and back office systems are all Microsoft 365 based. You can access more on the GDPR compliance of these systems via the links below.
Does your organisation provide training to staff on data protection or management?
All OSMIS staff are required to take regular training on Information Security Awareness, Data Protection Awareness and GDPR requirements and will use best endeavours in order to support users in schools in their adherence to policy.
Can I trust you with my school's data?
OSMIS will never ask for nor accept copies of identifiable data. From time to time ESS may request a copy of your data to support the development of site specific fixes. In these cases we will assist with the upload of data directly from your school's systems to ESS's. At no point of the transfer will the data ever be present in any OSMIS system. You can find further information on ESS's compliance with GDPR legislation here.
Schools taking remote backup services
The remote backup service is provided using Redstor BackUp Services for Schools; a Capita approved solution. Data is encrypted by the school and is transferred directly to the service. Neither OSMIS nor Redstor are able to access any encrypted data packages. OSMIS monitors the efficacy of backups using reports containing no identifiable personal data. Where called upon to do so, restores of data are accomplished direct to schools' infrastructure with no data processed on OSMIS systems whatsoever. You can find further information on the compliance of RBUSS systems here.