SIMS 7 - Backup Services - Accreditation
ESS SIMS has reviewed its policy for the accreditation of backup suppliers and will implement the following with immediate effect.
Overview
Backup providers may have different sales models; some may provide software and the backup service is provided by a third party, others may provide an end to end solution. Within the support agreement for backup providers, ESS will provide a single accreditation review each year for an end to end backup / restore service. Where a backup provider has additional services, each would be accredited on a time and materials basis. We note that some of the information required is specific to the service provider and would hence require accreditation for the whole solution rather than the software itself.
ESS are not experts in third-party backup services, however as part of our duty of care for our customers we need to satisfy ourselves that the product works on inspection, that we would expect it to continue to work with future versions of SIMS and that policies exist and are available to mutual customers which guarantee the security of the backed-up data.
Under our due diligence obligations, we must ensure that backup providers (and their service providers if applicable) provide appropriate documentation for school data controllers to meet their legal obligations. ESS may, however, decline accreditation if we decide that a solution does not meet minimum legal data protection requirements in the UK. International customers may have additional legal requirements.
Accreditation may be for one or more of the following products:
- SIMS .Net
- FMS
- SIMS Discover
- SOLUS Distribution Database
- [Other extensions will follow over time but these are optional]
The requirements are described below.
Extensions to Backup Services
Backup suppliers may offer the following DR and archiving solutions. Where these are demonstrated to ESS during accreditation, ESS will include these within accreditation. Such extensions are potentially quite bespoke and we recommend that these extended services be reviewed against your needs.
SIMS .Net
An ESS SIMS backup supplier may be accredited as a SIMS backup supplier if:
- They have a backup solution for SIMS schools for SIMS .Net.
- They are an ESS Technical Integrator with current subscriptions for SIMS software and a current technical support contract with ESS for SIMS software.
- They submit their SIMS backup software annually for accreditation (process is explained below) and pass that accreditation.
- They provide the following details which may be shared publicly on the ESS web site.
Item
|
Detail
|
Name of Product
|
|
Product Description
|
|
Backup Coverage
|
SIMS Database (Compulsory)
|
Yes / No
|
SIMS Document Server (Compulsory)
|
Yes / No
|
Master Database
|
Yes / Optional
|
MSDB
|
Optional
|
Other components – Please specify:
|
|
|
Restore methodology
|
Does the product use the SIMS version of dbAttach to restore backups of SIMS (Compulsory)
|
Yes / No
|
Can the product restore the Master Database? NB: This MUST NOT BE FORCED
|
Yes / No
|
Can the product restore the MSDB? NB: This MUST NOT BE FORCED
|
Yes / No
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of SIMS.
|
Guidance Documents
|
Please list URLS for key documents and SLAs for your product below:
|
FMS
An FMS backup supplier may be accredited as an FMS backup supplier if:
- They have a backup solution for ESS schools for FMS
- They are ESS Technical Integrators with current subscriptions for FMS software and a current technical support contract with ESS for FMS software.
- They submit their FMS backup software annually for accreditation (process is explained below) and pass that accreditation.
- They provide the following details which may be shared publicly on the ESS web site.
Item
|
Detail
|
Name of Product
|
|
Product Description
|
|
Backup Coverage
|
FMS Main Database (Compulsory)
|
Yes / No
|
FMS Attached Documents (Compulsory)
|
Yes / No
|
Multiple FMS Databases / Attached Documents:
Specify the selection mechanism
|
Yes / No
|
Master Database
|
Yes / No
|
MSDB
|
Yes / No
|
Other components – Please specify:
|
|
Restore methodology
|
Does the product use the FMS version of dbAttach to restore backups of FMS (Compulsory)
|
Yes / No
|
Can the product restore the Master Database? NB: This MUST NOT BE FORCED
|
Yes / No
|
Can the product restore the MSDB database? NB: This MUST NOT BE FORCED
|
Yes / No
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of FMS
|
Guidance Documents
|
Please list URLS for key documents and SLAs for your product below:
|
SIMS Discover
Item
|
Detail
|
Name of Product
|
|
Product Description
|
Link to URL is fine.
|
Backup Coverage
|
(Either) SIMS Discover Database
(OR) SIMS Discover Database (Additional Data)
|
Yes / No
Yes / No
|
Master Database
|
Yes / No
|
MSDB
|
Yes / No
|
Other components – Please specify:
|
|
Restore methodology
|
Does the product use the Discover Backup utility to restore Discover (Not a pre-requisite)
|
Yes / No
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of SIMS Discover
|
Guidance Documents
|
Please list URLS for key documents and SLAs for your product below:
|
Additional Information
Versions of SQL Supported
ESS will from time to time migrate from supporting one version of Microsoft SQL Server to another. Please refer to the following page for supported versions of SQL:
SIMS - SIMS Minimum Hardware and Technical Roadmap (service-now.com)
Technical Integrators should within their product guidance documentation identify:
- Which versions of SQL they will support
- Which version(s) of SQL they test on.
The version of SQL used in accreditation will:
- Be one of the versions where support is claimed
- Be at the sole discretion of the tester
Data Protection & GDPR
As holders of sensitive information about children, please supply a link to your (or the service provider's) Data Protection Statement.
This should clearly show:
- Where are copies of the data held? (Are copies of the data held outside of the EU?)
- How the data is transmitted securely
- Who can read the data and what security tokens are needed to enable this?
- What encryption standards are used? What is the minimum standard selectable?
- What is the Service Providers policy with regard to backups (of the backups)? Where are they stored, how does the customer know when they are destroyed? Are backups replicated to other data centres?
- Any other relevant information.
The purpose of the document link is to enable a Data Controller in a school to decide (as simply as possible) whether they can use your system with their existing consents and data protection registration
Notes
Data protection information required should be requested by the school prior to purchase if they are to meet their legal obligations. We should always assume that there is the possibility that the data held in a SIMS database may, when published to unauthorized persons, cause ‘harm’ to one or more individuals and be subject to claims for damages from the ‘harm’ caused. A backup has the same information as the master copy of the database and hence needs rigorous safeguards.
Encryption Standards
The best encryption standards are absolute; if the customer loses the key, the data cannot be recovered even if the customer offers to pay for that data recovery. Encryption keys should be owned by the data controller and copies should be stored in the school safe and/or by lodging a copy with the school’s solicitor, bank, LA or other secure and trustworthy body. Some providers may offer a secure key store. Where this is provided, it should be accompanied by a document link describing the service and how it is secured. If the school opts for this service, the data controller must be able to show that it is appropriately secured.
Intellectual Property of the Backup Providers
There is no implication that ESS would require a Technical Integrator to disclose IPR that it would not routinely declare in a sales pitch to a customer. Any document links that partners provide should be to documents that the Technical Integrator would be happy for us to share with mutual customers. If the documents are publicly available ESS will assume that the information would also be freely available to competitors.
Disaster Recovery
We encourage backup providers to consider how they can ensure that schools test out their disaster recovery plan! Typically, backup service providers know when backups were taken. They can list what was backed up but there is scope for a service which proves that all of the required data is indeed recoverable in the case of disaster. Backup service providers are invited to provide a link to their guidance to their customers for DR testing.
If this service is offered, the Technical Integrator is welcome to provide a link to the service for each relevant product.
Annual Accreditation Review
Once a year, on or around the anniversary of the previous year’s accreditation (Month 11 or 12 of the accreditation period), backup providers will be expected to book an accreditation session with the ESS TI Support Team.
Options are:
- Supplier Site (Chargeable)
- Supplier provides their up to date copy of SIMS (et al) with their backup software installed.
- ESS consultant will ask for a number of things to be changed in their SIMS (...) database.
- ESS consultant will ask that a backup be made.
- ESS consultant will ask for a number of further things to be changed in their SIMS (...) database.
- ESS consultant will ask for the database to be restored (and review the absence of the latest change set).
- [Repeat for each product SIMS, FMS, Discover as per claims]
- At ESS offices [1/2 day included within the support agreement additional time at applicable consultancy rate]
- ESS will provide the hard ware
- Supplier installs their software
- As per supplier site thereafter.
- The software may be uninstalled after the demonstration and the associated test accounts should be suspended by the service provider.
- Virtual [Up to half day included within the support agreement]
- As per supplier site above but conducted over teams.
Additionally, ESS staff will review the data protection statement (in advance) but the Technical Integrator will demonstrate that the declared link works during the session. Please note that this is not expected to be the same as the marketing DP policy on most vendor's marketing web sites. It must refer to storing customer data (if applicable) and who has access to the customer's backup.
Revocation of Accreditation
ESS will revoke an accreditation if a Technical Integrator (or their product)
- Ceases to maintain their software maintenance agreements for appropriate software.
- Ceases to maintain their ESS Technical Integrator Support Contracts for the appropriate software.
- Ceases to be ESS Technical Integrators.
- Fails to pass annual (re)accreditation.
- Fails to appropriately secure customer data.
Application for Accreditation
- Please check eligibility
- Please complete the Appendix forms: Appendix D plus at least one of A, B and/or C below.
- Please email them here.
- [Technical Integrator Development Support will review the application and feedback if necessary]
- [Technical Integrator Development Support will contact you and agree a date for review]
- [Technical Integrator Development Support will confirm accreditation subject to passing the review and meeting the criteria provided]
Appendix A – Request for SIMS .Net Backup Accreditation
Item
|
Detail
|
Name of Product
|
Demo
|
Product Description
|
www.demo.co.uk
|
Backup Coverage
|
SIMS Database
|
Yes
|
SIMS Document Server
|
Yes
|
Master Database
|
Yes [Optional]
|
MSDB
|
Additional databases such as MSDB can be added
|
Other components – Please specify: Also allows for the backup of the SIMS File Server components.
|
|
Restore methodology
2 stage restore – downloads to an alternative folder prior to restore.
The plugin then restores.
Can choose which one to restore
|
Does the product use the SIMS version of dbAttach to restore backups of SIMS
|
Yes Location is specified in the config
|
Can the product restore the Master Database? NB: This MUST NOT BE FORCED
|
Yes
|
Can the product restore the MSDB? NB: This MUST NOT BE FORCED
|
Yes
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of SIMS.
<Please provide a URL… We envisage that the provider will confirm version compatibility on this link>
|
Guidance Documents
|
Please list URLs for key documents and SLAs for your product below:
|
Appendix B – Request for FMS Backup Accreditation
Item
|
Detail
|
Name of Product
|
|
Product Description
|
Link to URL is fine.
|
Backup Coverage
|
FMS Main Database
|
Yes
|
FMS Attached Documents
|
Yes
|
Multiple FMS Databases / Attached Documents:
Specify the selection mechanism
|
Yes/No*
|
Master Database
|
Optional via database list
|
MSDB
|
Optional via database list
|
Other components – Please specify:
|
|
Restore methodology
FMS Documents will be backed up if the user uses SQL file extensions. Attix will happily backup any file system folder either as a network backup or local.
|
Does the product use the FMS version of dbAttach to restore backups of FMS (Compulsory)
|
Yes – Location is optional and can meet this requirement.
|
Can the product restore the Master Database? NB: This MUST NOT BE FORCED
|
Yes
|
Can the product restore the MSDB database? NB: This MUST NOT BE FORCED
|
Yes
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of FMS
<Please provide a URL… We envisage that the provider will confirm version compatibility on this link>
|
Guidance Documents
|
Please list URLS for key documents and SLAs for your product below:
|
Appendix C – Request for SIMS Discover Backup Accreditation
Item
|
Detail
|
Name of Product
|
|
Product Description
|
Link to URL is fine.
|
Backup Coverage
|
(Either) SIMS Discover Database
(OR) SIMS Discover Database (Additional Data)
|
Yes/No*
Yes/No*
|
Master Database
|
Yes/No*
|
MSDB
|
Yes/No*
|
Other components – Please specify:
|
|
Restore methodology
|
Does the product use the Discover Backup utility to restore Discover (Not a pre-requisite)
|
Yes/No*
|
|
Testing Policy
|
Technical Integrators should outline their testing policy with regard to new releases of SIMS Discover
<Please provide a URL… We envisage that the provider will confirm version compatibility on this link>
|
Guidance Documents
|
Please list URLs for key documents and SLAs for your product below:
|
Appendix D – Request for SIMS Backup Accreditation Additional Information
Data Protection / GDPR
As holders of the sensitive information of children, please supply a link to your (or the service providers) Data Protection Statement.
Service provider to provide a URL to GDPR DP Statement or copy in lieu.
http://
|