UK Federation Data Security

This information is an appendix to that detailed in Groupcall IDaaS Data Sharing Agreement and applies specific additions when using Groupcall IDaaS in conjunction with UK federation (Shibboleth) Single Sign-On (SSO).

When carrying out SSO requests using Groupcall IDaaS within UK federation there is Personally Identifiable Information (PII) both released to and potentially stored by third parties. Such third parties have consented to the data security and sharing policies of the UK federation. The nature of released PII is covered within this document in both summary and detail.

The scope of these providers at any given time can be determined by reviewing active membership of the UK federation. The UK federation makes daily releases of this information at a technical level and Groupcall IDaaS applies changes to this information, also on a daily basis. In the event of an organisation being removed from UK federation the maximum delay in Groupcall IDaaS reflecting this change is one day.

During SSO, data is transferred over industry standard SSL encryption and protected by cryptographic signature to prevent forgery.