Supplier Information for Due Diligence

Comprehensive information for procurement teams, data protection officers, and decision-makers conducting due diligence on Signal's safeguarding platform.

UK GDPR Compliant

Full compliance with UK data protection regulations

ISO 27001 Standards

Information security management aligned with ISO 27001

UK Data Hosting

All data stored within the United Kingdom

Company Information

Company Name

Signal Safeguarding Ltd

Registration

Registered in England and Wales

Address

123 Education Way, London, UK, EC1A 1BB

Contact

info@signal.example.com

Data Protection and Privacy

UK GDPR Compliance

Signal is fully compliant with UK GDPR and the Data Protection Act 2018. We process personal data lawfully, fairly, and transparently, with appropriate technical and organizational measures to ensure data security.

Data Processing Role

Signal acts as a Data Processor for customer data. Educational institutions and organizations using Signal remain the Data Controllers. We provide comprehensive Data Processing Agreements (DPAs) to all customers.

Data Location

All customer data is stored within the United Kingdom using Microsoft Azure UK South and UK West regions. Data is never transferred outside the UK without explicit consent and appropriate safeguards.

Data Retention

Data retention periods are configurable by customers in accordance with their policies and legal obligations. We support automated data deletion and provide tools for data subject access requests (DSARs).

Security Measures

Infrastructure Security

  • Data encrypted at rest using AES-256 encryption
  • Data encrypted in transit using TLS 1.3
  • Hosted on Microsoft Azure with SOC 2 Type II certification
  • Multi-region redundancy for disaster recovery
  • Regular automated backups with point-in-time recovery

Access Controls

  • Role-based access control (RBAC) with granular permissions
  • Multi-factor authentication (MFA) support
  • Passwordless authentication with WebAuthn/passkeys
  • Session management with automatic timeout
  • Comprehensive audit logging of all access and changes

Application Security

  • Regular security testing and vulnerability assessments
  • Automated dependency scanning and updates
  • Secure software development lifecycle (SSDLC)
  • Web Application Firewall (WAF) protection
  • DDoS mitigation and rate limiting

Compliance and Standards

Cyber Essentials

Signal maintains Cyber Essentials certification, demonstrating our commitment to protecting against common cyber threats.

ISO 27001 Alignment

Our information security management system is aligned with ISO 27001 standards, covering risk assessment, incident management, and continuous improvement.

Education Sector Standards

Signal meets the standards required by educational institutions, including compliance with Keeping Children Safe in Education (KCSIE) guidance and local authority requirements.

Data Protection Impact Assessment (DPIA)

We recommend that organizations conduct a Data Protection Impact Assessment (DPIA) when implementing Signal. We provide comprehensive documentation to support your DPIA process, including:

  • Detailed description of data processing activities
  • Categories of personal data processed
  • Purpose and legal basis for processing
  • Data retention and deletion procedures
  • Security measures and safeguards
  • Sub-processor information
  • Data subject rights and how to exercise them

Sub-Processors

Signal uses the following trusted sub-processors to deliver our service:

Sub-Processor       | Purpose                           | Location
Microsoft Azure     | Cloud infrastructure and hosting  | United Kingdom
Azure Blob Storage  | Document storage                  | United Kingdom
Azure Service Bus   | Messaging and email delivery      | United Kingdom

All sub-processors are bound by appropriate data processing agreements and maintain equivalent security standards.

Business Continuity and Disaster Recovery

Service Availability

Signal maintains a 99.9% uptime SLA with 24/7 monitoring and automated failover. Our infrastructure is designed for high availability with multi-region redundancy.

Backup and Recovery

Automated daily backups with point-in-time recovery capability. Backups are encrypted and stored in geographically separate regions. Recovery Time Objective (RTO): 4 hours. Recovery Point Objective (RPO): 1 hour.

Incident Response

Documented incident response procedures with a 24/7 on-call team. Security incidents are reported to customers within 24 hours in accordance with GDPR breach notification requirements.

Support and Training

Customer Support

Dedicated support team available via email, phone, and in-app messaging. Priority support for safeguarding-critical issues with response times based on severity level.

Training and Onboarding

Comprehensive onboarding program including live training sessions, video tutorials, and documentation. Ongoing training for new features and best practices.

Staff Vetting

All Signal staff undergo background checks and security training. Staff with access to customer data sign confidentiality agreements and receive data protection training.

Further Information

For additional due diligence information, security documentation, or to schedule a technical review, please contact our team:

Email: compliance@signal.example.com

Phone: +44 (0) 20 1234 5678