eyworks apps are backed by AWS Cloud Infrastructure. All our core services and data are contained exclusively in the London (UK) region, and fully compliant with UK GDPR and data sovereignty requirements. Our infrastructure is built over multiple availability zones and is designed in line with Amazon’s “Well Architected” Security principles to ensure that we achieve maximum security and performance from their environment. This is backed up by Amazon’s 99.99% uptime service level agreements to ensure the high availability of our platform.

No, the names of children/practitioners, etc. are all stored in secure databases that are not accessible to any search engine. All access to nursery data is protected by user IDs and passwords, preventing any search engine from crawling them.

When a child leaves the nursery, you have the option to make their profile inactive.

Once a child profile is made inactive, it is moved to the inactive child list and becomes read-only, meaning you cannot add any new content such as observations or daily diaries. 60 days after the profile has been made inactive, all media associated with this child will be deleted. Any time before the profile is deleted, you can download the entire learning journey, accident sheets, medicine forms, etc to keep as a back up. We also offer special, paid versions of the learning journey such as download links and physical books in eymemories.

Inactive eymanage profiles are retained indefinitely unless you specifically request their deletion. This is done to maintain the historical financial data, which is required for some nurseries for reporting & legal purposes.

Yes, all data is backed up daily by the AWS automatic backup mechanism. The backups are incremental so that a previous version can be restored if any disasters happen that results in data loss. There are a fixed number of previous backups saved at any given point in time, which are retained for up to 7 days, and the older ones are over-written as new back-ups are created. Access to these back-ups is available only to the core team.

Users require a username and password to access the system, with support for MFA, which can be implemented at the discretion of the nursery.

Data in transit (i.e. communication between tablets/servers/browsers) is protected using TSL 1.2 encryption, with AES-GCM and forward secrecy to provide protection against man-in-the-middle attacks. When accessing our system through a browser you can check that we are using HTTPS (encrypted) communication using the symbol next to the address bar. At rest, data is protected by industry-standard encryption protocols. 

We also ensure that the data for each customer is isolated by providing them with a dedicated database schema and unique subdomain (URL), and by namespacing data using tenant-specific keys to prevent cross-tenant data leakage. In the unlikely event of a data breach, this helps to keep compromised systems separate from the others.

We utilise a flexible Role-Based Access Control model that ensures users only have access to data that is relevant to their role. Roles can only be assigned by users with top-level access. 

We retain comprehensive logs of key events such as data updates, login attempts, and configuration changes. Metadata is also tracked, including user IDs, and the timestamp and originating IP address of login attempts. These support auditability and the detection of suspicious activity.

How do I keep track of user activity?

Company Admins will be able to keep track of activity for every user at their company through global settings.

1. In the top right, click  > Global Settings.
   
2. Go to Security.
   
3. Click on the User Activity tab.
   

Yes, companies have the option to enable Multi-Factor Authentication for their nurseries. Companies can also choose to enforce the use of MFA for their users, and select between Email and Authenticator App as the method of receiving codes. 

MFA is also enforced for all parents when they log in to the eyparent app and web portal.

Our infrastructure is monitored using internal and external vulnerability scanning. We perform regular audits, security assessments, and penetration tests with independent and globally-recognised security assessment firms. 

The various services used by eyworks apps are backed-up separately. In the event that one of these services fails, they can generally be restored to a point before the disaster.

Yes, eyworks apps for nurseries are compliant to the extent required on or before 25th May 2018 and will continue to comply on an ongoing basis. You can learn more about eyworks and GDPR at www.eyworks.co.uk/gdpr.

Yes, eyworks offers a Data Processing Addendum (“DPA”) in which we commit to protect your data in accordance with GDPR. You can find a copy of the agreement at https://www.eyworks.co.uk/data-processing-agreement/

To provide world-class security and we ensure our platform meets key industry standards. eyworks is certified against IASME standards for Information & Cyber Essentials backed by the UK Government. Additionally our service provider AWS is ISO 27001, 27017 and 27018 certified.