GDPR Statement

We have previously stated that we have been working to ensure that our customers can be certain that they are dealing with a compliant GDPR business and software platform. We have carried out a number of assessments and work to ensure this is the case and confirm that we meet these requirements.

The following is a list of statements/information you can use to demonstrate that we – as a supplier of services to you – are compliant with the upcoming GDPR regulations.  The information has been provided in response to the many varied questions we have received from schools and collated in one place:

  • Company name: Scomis
  • Phone: 01392 385300
  • Email: scomis@devon.gov.uk
  • Full address: Great Moor House, Bittern Road, Sowton Industrial Estate, Exeter, EX2 7NL
  • Web address: https://www.scomis.org
  • Data Protection Officer (DPO): Martin Lawrence, Information Governance Manager, Devon County Council
  • Data Protection Officer (DPO) contact: 01392 383000 (ask for Information Governance) or email accesstoinformation@devon.gov.uk
  • Data Protection Register registration number: Devon County Council Z6475582
  • Do you have any Information Security credentials?:  Yes, we have been certified to the ISO 27001:2013 Information Security standard since 2016 (current UKAS certificate 10134-ISMS-001)
  • Are your Information Security credentials checked by a third party?:  Yes, the ISO certification is carried out by an external Auditor; it requires us to demonstrate our continued commitment
  • Do you carry out background checks on staff?:  Yes, employment checks are carried out upon joining Scomis, and DBS checking is carried out on relevant Scomis employees
  • Do you have a confidentiality clause included in staff contracts?: Yes, this is covered under the Devon County Council recruitment process
  • Do staff have information security/data protection training?: Yes, this is mandatory and part of the Devon County Council/Scomis induction process
  • Is my data held within the EU?: Yes, all Customer data is kept within the EU
  • Do you have physical and electronic security measures in place to protect data?: Yes, data is held in secured locations protected by a number of security measures including CCTV, intruder alarms, environmental controls and restricted areas
  • Do you encrypt sensitive Customer data in transit?: Yes, data is securely encrypted in transit as standard
  • Do you backup Customer data, where will it be held and is it secure?: Yes we do, it is kept within the EU in secure data centres and encrypted in transit
  • Who owns the data?: Scomis process information on behalf of our Customers; the Customer (school) is still the data owner and controller
  • How do you deal with Freedom of Information or Subject Access requests on Customer data?: Any requests on these matters will be referred back to the Customer (the Data Controller)

A further more comprehensive list is available on request from the Scomis Service desk if required, but this should satisfy most requirements.  We are always happy to discuss any other specific detail.  Our updated Terms & Conditions will also be appearing on this site as will updates to service information.

Posted in GDPR.