Supplier Information for Due Diligence
Comprehensive information for procurement teams, data protection officers, and decision-makers conducting due diligence on Signal's safeguarding platform.
UK GDPR Compliant
Full compliance with UK data protection regulations
Security by Design
Comprehensive security measures built into every layer
UK Data Hosting
All data stored within the United Kingdom
Company Information
Company Name
Signal Education Ltd
Company Number
17014216
ICO Registration
[TODO]
Contact
support@signalschools.co.uk
Registered Address
12 Cooper Road, Bristol, BS9 3RA
Data Protection and Privacy
UK GDPR Compliance
Signal is fully compliant with UK GDPR and the Data Protection Act 2018. We process personal data lawfully, fairly, and transparently, with appropriate technical and organizational measures to ensure data security.
Data Processing Role
Signal acts as a Data Processor for customer data. Educational institutions and organizations using Signal remain the Data Controllers. We provide comprehensive Data Processing Agreements (DPAs) to all customers.
Data Location
All customer data is stored within the United Kingdom using Microsoft Azure UK South and UK West regions. Data is never transferred outside the UK without explicit consent and appropriate safeguards.
Security Measures
Infrastructure Security
- Data encrypted at rest using AES-256 encryption
- Data encrypted in transit using TLS 1.3
- Regular automated backups with point-in-time recovery
Access Controls
- Role-based access control (RBAC) with granular permissions
- Multi-factor authentication (MFA) support
- Passwordless authentication with WebAuthn/passkeys
- Session management with automatic timeout
- Comprehensive audit logging of all access and changes
Application Security
- Automated security testing integrated into our development lifecycle
- Automated dependency scanning and updates
- Secure software development lifecycle (SSDLC)
- Web Application Firewall (WAF) protection
- DDoS mitigation and rate limiting
Compliance and Standards
UK GDPR and Data Protection Act 2018
Signal is fully compliant with the UK General Data Protection Regulation and the Data Protection Act 2018. We maintain Records of Processing Activities (ROPAs) and conduct regular reviews of our data protection practices.
Security Practices
Our security practices are informed by industry standards including ISO 27001 principles. We implement comprehensive technical and organizational measures covering risk assessment, incident management, and continuous improvement. We are not currently ISO 27001 certified.
Data Protection Impact Assessment (DPIA)
We recommend that organizations conduct a Data Protection Impact Assessment (DPIA) when implementing Signal. We provide comprehensive documentation to support your DPIA process, including:
- Detailed description of data processing activities
- Categories of personal data processed
- Purpose and legal basis for processing
- Data retention and deletion procedures
- Security measures and safeguards
- Sub-processor information
- Data subject rights and how to exercise them
Sub-Processors
Signal uses the following trusted sub-processors to deliver our service:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Microsoft Azure | Cloud infrastructure and hosting | United Kingdom |
All sub-processors are bound by appropriate data processing agreements and maintain equivalent security standards.
Business Continuity and Disaster Recovery
Service Availability
Signal targets 99.9% uptime with 24/7 monitoring and automated failover. Our infrastructure is designed for high availability using Microsoft Azure's multi-region capabilities.
Backup and Recovery
Automated daily backups with point-in-time recovery capability. Backups are encrypted and stored in geographically separate regions. Recovery Time Objective (RTO): 4 hours. Recovery Point Objective (RPO): 1 hour.
Incident Response
Personal data breaches are reported to affected customers without undue delay and within 24 hours wherever possible, in accordance with UK GDPR breach notification requirements.
Support and Training
Customer Support
Dedicated support team available via email. Priority support for safeguarding-critical issues with response times based on severity level.
Training and Onboarding
Comprehensive onboarding program including video tutorials and documentation.
Staff Vetting
All Signal staff undergo DBS (Disclosure and Barring Service) checks and receive data protection and security awareness training.
Further Information
For additional due diligence information, security documentation, or to schedule a technical review, please contact our team:
Email: support@signalschools.co.uk
Data Protection Officer: dpo@signalschools.co.uk
