Boardingware offers the Strongest Security in The Boarding School Industry; Announces ISO 27001 certification.

Paul Organ • August 23, 2018

When Boardingware started in 2014, we set out to solve a problem that boarding schools all over the world had struggled with for 1000 years. Everyone who has attended or worked at a boarding school knew that leave and administration for tracking the kids was a problem. So what’s the change agent that has allowed Boardingware to build a truly elegant solution that empowers schools all over the world?

It’s simple - cloud computing.

Cloud computing has drastically reduced computing costs so niche industries like independent boarding schools can benefit from cutting-edge technology, without huge overheads, new staff to manage a single system or crazy expensive on-site solutions. The benefits are so overwhelmingly positive that the eventual shift is inevitable, and even though there are those that remain sceptical, it’s only a matter of time until it is the global standard for operating schools.

With this shift, schools need to be cautious.

While schools race to the cloud, there is also increasing pressure to improve record keeping and compliance. Independent schools attract students from all over the world, and boarding schools, in particular, are known to have large international student populations. This introduces international data storage laws and regulations that schools have to comply with, as you will be storing information for foreign citizens who have residency in all corners of the world.

At Boardingware, we want to bring you the best technology without compromising your peace of mind or ability to keep your data and records secure. This is why we’re happy to announce our ISO 27001 certification as a commitment to being the most trusted software company for independent schools.

Craig Muir (BSI New Zealand) presenting Kurt Meyer (co-CEO) and Mario Blazevic (CTO) with the ISO certifications

Why is ISO so important?

When schools turn to Boardingware, they come to us with the realisation that they need to provide a safer campus, which requires a live and accurate enterprise-level ledger for their students’ movements throughout the day. By tracking this kind of sensitive information, there are associated risks if the information is not handled and managed correctly.

At Boardingware we believe that the relationship between a school and a cloud software provider should be a partnership that shares responsibility for the safety of your kids. While the benefits of the cloud are clear (accuracy, connectivity, flexibility etc), cloud providers that are unable to fulfil their security obligations will create a greater risk for schools when compared to a manual or on-site solution. However, if the information is handled correctly, the security and quality of service can far exceed those of on-site or manual services.

The shared nature of the cloud requires schools to acknowledge that they are not in full control of these resources, and they need to seriously address cloud security as part of their due diligence for both current and future software systems. This is what led us to attain our certification for ISO 27001 and ISO 27018.

What is ISO?

ISO is short for the International Organization for Standardization - it is the body responsible for setting the standards for 162 member countries, which includes all 13 of the countries that Boardingware services. Let’s break down what each of the standards we have attained means and what schools gain from it.

ISO 27001

Overview: This certification indicates that Boardingware has implemented an information security management system (ISMS) that instigates an ongoing approach to security controls and the protection of sensitive data throughout all activities within our organisation that touch sensitive information.

ISO 27018

Overview: 27018 provides additional controls which focus on the protection of personally identifiable information (PII) as a PII processor. 27018 has been published to allow Cloud Service Providers whose infrastructure is certified to the standard to tell their existing and potential customers that their data is safeguarded and won’t be used for any purposes for which they don’t specifically give consent. 27018 was also the basis for the recently published General Data Protection Regulation (GDPR) in the EU.

So who does this affect at your boarding school?

When selecting software for your boarding school, there are often a number of stakeholders that must give their approval to get the green light for a project like this. Here are the 3 most common stakeholders that are influenced: IT, Business Managers/Legal Teams, End Users.

What it means for IT teams

From a technological standpoint schools can be assured that they have fulfilled their responsibilities due to the following guarantees from choosing a company with ISO certification:

  • Guaranteed reliability: The service provider they are selecting is reliable and will always give them access to their data
  • Disaster response: The cloud provider is equipped to respond to disaster events and has practiced procedures for restoring the availability of data and the service effectively
  • Data integrity: Maintained by preventing external or internal users from tampering with or accessing their information
  • Providing customers with adequate agreements to meet their data security obligations, e.g. DPA for GDPR, BAA for HIPAA
  • Assuring customers that the chain of responsibility and security levels between Boardingware and its sub-processors are enforced
  • Complete transparency: With customers around the security policies and practices that Boardingware has implemented
  • Save time: With ISO approval you don’t have to spend weeks negotiating with cloud providers, deciphering security documentation, conducting lengthy audits, or requesting third party audits to verify the cloud provider’s security practices

What it means for Business Managers/Legal Teams

From a legal perspective, schools can point to the following for their business managers.

  • Legal Compliance: They are compliant with their legal obligations
  • Data Security: Their information is kept confidential within the organisation that they entrust it to.
  • Privacy Compliance: As a business manager or legal consultant to a school, you are responsible for the protection of PII (Personally Identifiable Information) and you can be assured that the school’s data is being protected in compliance with the relevant privacy laws.
      • EU: GDPR
      • UK: DPA
      • US: FERPA, HIPAA, COPPA
      • CA: PIPEDA
      • AU: Privacy Act
      • NZ: Privacy Act

What it means for End-Users

Last but not least is the importance of ISO certification for your End-Users. The following benefits will be seen by the daily users of Boardingware.

  • Reliability: Users can access the service when they need to
  • No loss of data: Users don’t have to worry about a loss of their records and in turn a lack of trust from the rest of your staff.
  • Confidentiality of data: Users can be assured that their data, personal or otherwise, is kept confidential.
  • Protection of their personal information: Children and Parents can rest assured that their personal information is being protected to a high standard.
  • Peace of Mind: Parents and their children don’t have to worry about their personal data being used in a way that could jeopardize their child’s safety or privacy.

So how do you know if a company’s ISO certification is Legitimate?

A trend seen among software companies when it comes to security is to use acronyms and convoluted language to appear as though they are compliant or know what they are talking about. The facts are often different. A company with official ISO certification will proudly display a kitemark like the one below:

ISO certification is one of the toughest standards to meet and as a school, you need to make sure that you are doing your due diligence, and to do this, you must make sure that any security claims are backed up with cold hard facts. The last part of verifying a company’s security standards is to make sure you look for ‘official certification’ which can only be issued by external auditors.

Boardingware is audited and kept to standard by BSI (British Standards Institution). The audit is split across multiple stages and conducted over a period of 2 months. The audit report is then sent to a 4th party auditor to ensure that the first auditor has not missed any requirements. After all the checks are passed, the certificate is then issued by BSI and follow up audits are conducted annually to ensure the company is maintaining its security standards.

When you are doing your due diligence, any company claiming ISO certification should be validated by checking the certification ID within their auditor’s registry. Boardingware’s certificate numbers for validation:

  • ISO 27001: IS 677825
  • ISO 27018: IS 677964

A company that cannot prove certification or uses language such as ‘built with ISO in mind’ or other misleading phrases should immediately be questioned by your team.

In Summary

This is big news for the industry that both Boardingware customers and future customers will benefit greatly from. This announcement is a sign of our continued commitment to security and our vision to create safer campuses all over the world. If you have any further questions, please comment below!
