|On-demand DBS||Cached DBS|
On-demand DBS allows systems that you authorise for access to make ad-hoc requests for your school data, and an installation of Groupcall Xporter in your school services those requests on demand. You authorise and revoke access to specific destination systems within your Groupcall Xporter installation.
Cached DBS creates a cache of some of your school data in the DBS platform, for access by partners you authorise to make ad-hoc requests for your school data. You authorise specific destination systems by giving them a credential to access it via DBS, and must contact Groupcall to revoke access.
This document explains the safeguarding and security of this data and forms our Data Sharing Agreement with you when you use this service and it also forms our advice and information to you to aid you in fulfilling your statutory responsibility in safeguarding your school data. In order to use the DBS your organisation must understand and accept this agreement - use of the service implies your acceptance.
As numerous destination systems can be connected to Groupcall DBS you should sign a separate data sharing agreement for each destination system separately. Groupcall DBS implements the transportation of data to those systems but does not control how the delivered data is safeguarded.
Which mode of DBS am I running?
Overview of DBS Data Movement
This diagram explains the movement of data within DBS for both cached and on-demand mode. Depending on your configuration you may be using one or both of these modes – this document will explain more as you read it.
Click image to expand
Availability of Groupcall DBS modes
|Source System||To Groupcall XVault||To Groupcall Xporter|
|Xporter on Local MIS||On-Demand||n/a|
|Xporter on LA-hosted MIS ||On-Demand||Cached|
|Integris G2 / S2 ||Cached||Cached|
 This requires your local authority to be a Groupcall Xporter or Groupcall DBS customer.
 This will be the case if you are applying for a 'two-part' RM CMTF Feed activation, which requires use of Cached DBS to present your school data to Groupcall Partners.
DBS Fair Use Policy
It is for schools to ensure that as data controllers they have the ability to share data in this way and that they consider there to be appropriate measures in place to ensure that the data is held securely and confidentially. This document sets out how Groupcall supports these objectives.
Groupcall and its suppliers will be acting as ‘data processors’ as defined by the 1998 Data Protection Act. Groupcall has taken all reasonable measures to ensure the safety and security of the personal information, and continues to review these measures on an on-going basis.
DBS Transfer and Use of Personal Information
Groupcall DBS securely transports information as requested by destination systems; Cached DBS will also requires specific personal information be cached within the DBS platform for purposes of serving to one or more destination systems. See Data Security for more information about messages queued within DBS.
The data being requested and transmitted is governed by the Data Sharing Agreement you have with each destination system that you have authorised. You should refer to this document to determine the data that is transported through and/or cached in the DBS platform.
Cached DBS will receive daily uploads of changed records from your MIS, and provide that data to one or more destination systems that you have
- Name and preferred name
- Date of birth
- Contact email and phones
- Free school meals entitlement
- Special educational needs and reviews
- Medical alert summary
- Doctors surgery
- Mode of travel
- Academic year, registration group and house
- Attendance marks
- Assessment (only when fed via Integris G2 / S2)
- Behaviour (only when fed via Integris G2 / S2)
2. Personal information about adults currently in the employ of the school:
- Name and preferred name
- Date of birth
- Email address
- Job role
3. Personal information about pupil contacts with parental responsibility:
- Name and preferred name
- Date of birth
- Contact phones, email
4. Information about your school:
- School name and establishment number
- Class, registration and house groups
- Timetable, subjects and
- This list of fields represents the maximum possible transfer; business requirements and MIS data availability dictate that in some cases a lesser level of data than listed is actually transferred.
DBS Data Security
This information gives details of the management of data security in relation to the use of Groupcall Data Broker Services, which schools may wish to use with their fair use policy.
Groupcall DBS encrypts all data during transit using SSL encryption, and stores queued or cached data within the Groupcall DBS platform. The Groupcall DBS platform is hosted in Microsoft Azure in the Europe North territory and you can find out more about this platform at the Windows Azure Trust Centre; however in summary the data in Azure is protected from exposure by multiple layers of firewalling, authentication and physical access control.
Revocation of access for On-Demand DBS destinations does not revoke access of Cached DBS destinations, and vice-versa; if you need to revoke for both types of DBS destination then contact Groupcall Support.
Access of data by On-Demand DBS clients
An On-Demand DBS client, such as Groupcall XVault installed within a Groupcall Partner’s platform is subjected to both authentication and authorisation to request data from a school. This is achieved by firstly verifying the authenticity of the Groupcall XVault client, by means of a 256-bit security key, and then by confirming that the school requested has permitted that specific Groupcall Partner to request their data.
Revocation of On-Demand DBS access by a destination system can be applied within a school at any time; contact Groupcall Support for further information. Please note that revoking a destination system does not remove data already received by that destination, you should refer to your data sharing agreement for that specific destination system to understand that process.
Access of data by Cached DBS clients
A Cached DBS client, such as Groupcall XVault installed within a Groupcall Partner’s platform or Groupcall Xporter installed within a school for a school-based Groupcall Partner product, is subjected to both authentication and authorisation by means of a 256-bit security key which must differ for each specific school Cached in DBS. Hence a Cached DBS client must have multiple school security keys to access multiple schools.
The same security key is used by all clients you allow to access your Cached DBS data, and so to revoke access for a destination system you must contact Groupcall Support and have your Cached DBS Key (a.k.a. ‘G2X Secret’) reset. This will revoke all destination systems, and you can then provide your new secret to those partners you with to continue allowing access to. Please note that revoking a destination system does not remove data already received by that destination, you should refer to your data sharing agreement for that specific destination system to understand that process.
Upload of Cached DBS data into Groupcall DBS
Groupcall DBS requires that you request your MIS provider (either RM or your centrally hosted MIS operator) to enable their Cached DBS feed. To accept data into Groupcall DBS you must also notify Groupcall of your intentions as per our activations process. After the initial full upload, only additions, changes, and deletions to data are transmitted and those changes are effected shortly after receipt. The uploaded data is protected by SSL which serves not only to encrypt the data in transit but also to verify that data is being uploaded to Groupcall DBS and not another location.
Groupcall Support Personnel & Data Security
The Support team at Groupcall are able to resolve or advise you on any technical issues that you encounter while using Groupcall products, however they are unable to advise on any other issues affecting Groupcall Partner products and in such instances you should refer to the support arrangements for that specific Groupcall Partner.
Often it is necessary for a Groupcall support technicians to view the issue with you, in order to diagnose it fully and offer a solution. In circumstances where support technicians need to view the issue with, you they may use remote access tools to view your computer with you, in which case you should remain at your computer and supervise the entire session. All of our remote sessions allow you to retain control and allow you to terminate the session at any time. If your issue escalates and an additional support technician is required, then additional Groupcall staff may join the remote session.
If your issue is a platform issue or requires changes to your account configuration, then Groupcall staff may perform such configuration on your behalf from our secure management platform without requirement for remote access.
You are reminded that you should avoid sending personal information, such as student/contact records, to Groupcall directly. You certainly should only send such information when supported by strong encryption, if there is an explicit requirement to do so. Groupcall staff will advise the most secure method for transfer if there is such an explicit requirement.