Secure Access (SA)

Secure Access (SA)

An Introduction to Secure Access

Gale McNiff

Background to Secure Access (SA)

The Department, through Data and Statistics Division (DSD), collects a wide range of data from schools and Local Authorities using a number of information systems. Much of the data is collected at individual level and is therefore sensitive, personal information. This is protected with a secure login facility but this is no longer sufficient for our needs.

We currently use “Authentix” password management software to provide common Secure Access to our data tools. For a long time, this was deemed appropriate to our business and security needs, particularly as policy was tightly concerned with reducing the burdens on schools by the provision of a single, common, password. However, after the Hannigan report, and the subsequent refocusing of security across Government, this level of protection is no longer regarded as sufficient.

Hannigan report – Data Handling Procedures in Government, 6 March 2008. The report makes recommendations in how data handling should be carried out in Government following the loss of data by HMRC.

ISSUES

No formal global exercise to get schools to reset their Authentix passwords has ever taken place since system inception, so the sign on details in some schools might be known by multiple administrators, some whom might no longer work there.

Furthermore, Authentix’ old technology does not encrypt user credentials, which are instead held in plain text. This makes them a relatively easy target if the system is compromised. Together, these issues leave the Department exposed to the risk that someone might gain unauthorised access to identifiable child data.

However, there has been significant password churn during this period as schools often contact the DSD helpdesk to get the password reset.

Moving Forward

The need to secure our current data systems and provide a ‘future proof’ platform to manage access to new systems gave rise to the ‘Secure Access’ project, led jointly by DSD and Chief Information Officer’s Group (CIOg).

For schools, SA will give access to S2S, COLLECT & K2S. For LA colleagues this will give access to S2S and COLLECT. LA colleagues will continue to use EAS to access Key to Success (KtS).

Secure Access will ‘Go Live’ on the 10th December.

Secure Access (SA)

We have migrated all current schools, LA personnel who use S2S and/or COLLECT.

On first log in users will log in using their COLLECT username & password and the PIN number provided.

Schools will retrieve their PIN number from EduBase:-https://www.education.gov.uk/EduBase/login.xhtml

LA colleagues will receive an e-mail with their PIN.

PIN numbers will be available from 31st October

Retrieving Pin from EduBase

Retrieving Pin from EduBase

Retrieving Pin from EduBase

Retrieving Pin from EduBase

Retrieving Pin from EduBase

Retrieving Pin from EduBase

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access - Home Page (Schools)

Secure Access – Home Page (LA)

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Secure Access

Any Questions?