At Ten Points, the security and privacy of our users — especially schools, teachers, and students — is at the heart of everything we do.
This page summarises our key security measures in plain language. It aligns with our formal Information Security Policy and Data Protection Policy.
✅ Our Commitment to Security
We are committed to ensuring:
- Confidentiality – Data is protected from unauthorised access through access controls, encryption, and staff vetting.
- Integrity – Systems are protected against tampering or loss, with audit logging and peer-reviewed code changes.
- Availability – Our platform is resilient, monitored 24/7, and designed for high uptime.
🛡️ Data Protection Measures
- Encryption – All data in transit is encrypted (TLS 1.2+). Data at rest is encrypted with industry-standard algorithms.
- Isolation – Each school’s data is logically separated for privacy and integrity.
- Backups – Regular encrypted backups are maintained to support disaster recovery.
- Access Control – Data access is limited to certified team members on a “least privilege” basis. All production access is logged.
- Staff Training – All staff complete annual privacy/security training and pass DBS Basic Checks.
🧾 Compliance and Standards
- Ten Points complies with UK GDPR and is registered with the ICO (Ref: ZB716018).
- Our Data Processing Agreement (DPA) sets out our role as Data Processor.
- We apply Privacy by Design to all new features.
- We are working toward Cyber Essentials and ISO 27001 certification.
🔍 Vulnerability Disclosure
We welcome reports from security researchers and educators.
If you believe you’ve found a security issue, please contact us: 📧 [email protected]
We acknowledge reports within 72 hours and resolve valid issues quickly. You can also see our security.txt disclosure policy.
🔄 Change Management & Monitoring
- Monitoring – Infrastructure is monitored 24/7 for anomalies and availability.
- Audit Logging – All key activities are logged to support security and investigation.
- Change Control – Code and infrastructure changes are reviewed, tested, and deployed using industry best practice.
🔐 User Responsibilities
We encourage users to:
- Use strong, unique passwords
- Enable multi-factor authentication (where available)
- Keep login credentials confidential
- Report any suspicious activity immediately
📫 Contact Us
For security concerns: [email protected]
For data protection questions: [email protected]