Staff and Parent Responsibility
Learning Journals is a tool provided by us for use by nurseries and schools. We promise to uphold the commitments we make in our terms and conditions but there are also considerations to be made by staff and parents about how they responsibly use the system. You may want to create additional policies before implementing Learning Journals in your establishment. You are of course free to create your own policies and usage guidelines for your school or nursery but we consider points below to be the minimum requirements for responsible use of Learning Journals.
You are responsible for keeping your login details secure. You are the only one who knows your password and PIN combination and it is best practice to adhere to the following:
- Choose a password that is unique to your Learning Journals account. (i.e. do not use the same password for multiple sites)
- When creating a password try to ensure that it is not something easily guessed. Add numbers and symbols to make it more secure. Ideally use a password management service (e.g. Last Pass)
- Do not tell others your password or PIN
- Do not write down your password or PIN
- If you access your Learning Journals account from a public computer or device then ensure you have logged out at the end of your session, especially if you are on a computer that is not your own, to make sure your account cannot be accessed by anyone else
- Ensure you keep your nursery or school up to date with any changes in your email address
- Check with your nursery or school on their policy but it is advisable not to share any information or images from your Learning Journals profile with others including through social media
Schools and Nurseries
The nursery or school is the data controller for all content entered into Learning Journals. They have responsibility for data entered into your account and maintaining that it is correct and up to date. We recommend that they follow the best practices below or create additional policies that have the same or more stringent effects on data handling.
- Do not enter content that is unsuitable for use in Learning Journals
- The definition of unsuitable is something that must be defined either by each individual nursery or school or, if applicable, by local authority. E.g. in group observations, an owner or manager may consider that other children’s names should not appear in other children’s profiles. Another owner or manager may consider that this is perfectly acceptable. As data controllers, Managers should follow their own data protection and information security policies when deciding what is appropriate content.
- Ensure that child names are spelled correctly
- Ensure that parent names, and email addresses are spelled correctly
- Ensure that the correct child profile is linked to the correct parent
- Ensure that staff accounts are de-activated when they leave so they cannot gain access
- Ensure that parent accounts are de-activated once their child leaves you
- Ensure that you do not retain child, staff and parent information in your archive for longer than you need it for
Information for everyone:
We follow industry best practices with regards to storing user passwords in our database. We also require users to create a PIN as part of the login process. We encrypt passwords and PINs using cryptographic functions. Even developers with access to the Learning Journals database could not determine a users password or PIN. Passwords and PINs are never emailed to a user, whether a user is logging in for the first time or resetting their existing password they do this via the SSL Secured website. Ultimately the only people who know a user’s password or PIN are the user themselves.
In the event the user forgets their password we do not send a reminder. They are asked to reset it by using a 1-time activation link, which also has a time limited expiry.
Users are automatically logged out of the website after 30 minutes of inactivity.
Hosting of Data
Microsoft Azure are our website hosting suppliers. As one of the largest software companies in the world Microsoft takes security very seriously and have all the relevant certifications and Accreditation. Specifically in the UK they have been awarded Impact Level 2 (IL2) accreditation:
“The IL2 rating will benefit a broad range of UK public sector organizations, including local and regional government, National Health Service (NHS) trusts and some central government bodies, who require ‘protect’ level of security for data processing, storage and transmission.”
Here are further details on their security practices – http://azure.microsoft.com/en-us/support/trust-center/security/.
The Learning Journals application is built using the Microsoft .NET framework. The .NET framework has many inbuilt security features, which by default help secure against common web attacks like Cross-site scripting, SQL injection and Session hijacking. The .NET framework is a mature development ecosystem used by financial institutions, Governments and blue chip companies around the world.