Security & Data Protection
ParentPay provides safe and secure online payments for schools
At ParentPay we understand the importance of customer security and data protection. Our parent payment system exceeds government and industry requirements for protecting pupil, personal and financial data.
It’s important that parents, schools and local authorities have complete confidence in our systems and processes when dealing with parent payments made online.
We will work with your council IT, audit and security staff to provide detailed security and data protection information when required. All ParentPay employees have an enhanced CRB check completed.
A secure application for a cash free school
Our school online payment system is hosted, managed and maintained in a secure and reliable data centre which is fully compliant with and certified to ISO/IEC 27001(1).
The data centre environment provides a range of security and safety features for central payments for schools. These will guarantee business continuity and security:
- automated daily data back-ups including secure off-site storage
- redundant power supplies and off-grid power systems
- connection to multiple IP backbones
- environmental control systems (fire suppression, air conditioning and cooling)
- round the clock technical and monitoring staff on-site
- technical and physical building security.
We have a wide range of security management solutions. This includes firewall, anti-virus and intrusion prevention and detection services to protect against external security issues.
Managing Data Protection
ParentPay is registered as a data processor under the Data Protection Act (DPA) and everything we do meets the DPA guidelines.
A school’s data is its own responsibility, and each school has to take full control of accessing, managing and updating all student data in the system. You and your schools will operate as Data Controllers under the DPA.
Payment security and Payment Card Industry Data Security Standard (PCI DSS)
ParentPay Ltd is fully certified as a Service Provider under PCI DSS(2). Our compliance with PCI DSS is certified by Trustwave(3) and sponsored by LloydsTSB Cardnet.
The school online payment system does not store and can’t access any card related data such as card number, expiry date, issue number and CV2 security number. No users can access any of this data either.
Online parent payments are processed within our system via Securetrading’s Internet payment gateway. Securetrading operates one of the most secure and resilient card processing networks in Europe and is Level 1 certified under PCI DSS.
Providing customers with an audit trail
The ParentPay application creates a complete audit trail of all payments. Transaction references and identifiers link parent and school accounts to the payment and banking network.
Transactions recorded or refunds carried out by school managers are all logged against individual manager accounts so responsibility can be traced. Local Authorities and schools will be able to access all transaction data and reports for a minimum of six years.
Being responsible and accountable
ParentPay is responsible for ensuring that all security and data protection standards are met and that legislation and government guidance are followed. We have already been fully checked and approved by many local authorities.
We’ve also had a complete independent audit of our entire system, company and all security and processes. This was conducted by an international consultancy who gave a positive reference and full support for the service we provide.
We continue to be audited on a regular basis by the banks and card schemes we work with as well as our local authority customers.
(1) ISO/IEC 27001 is the International Standard for Information Security Management and is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
(2) The Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive international security standards and requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
(3) Trustwave is the leading provider of information security and payment card industry compliance management solutions to organisations worldwide.