Privacy and Security

We understand how important it is to develop remote learning systems which are easy for students to use, but at the same time include security and privacy controls to help safeguard their time online.

The following information provides an overview of the measures we have taken to make our Microsoft Teams system as secure as possible.

However, we also need your help as a Parent or Carer to keep your child and others safe while using our systems. This includes making sure they are only logged in as and when they need to be, keeping an eye on them while they are using our system, and letting us know about anything that concerns you or does not look right.

What have we done?

We have implemented a number of custom security policies to help keep your child safe while they use our Teams system.

These include:

  • Providing each student with their own Sutton Music Service account which they use to log in to our systems. This helps to considerably reduce the risk of students impersonating each other and external participants joining meetings. It is really important you help us by keeping your child’s login details secure.
  • Disabling the ability for students to send or receive private messages on Microsoft Teams. This includes private messages sent to or received from tutors and other students.
  • Disabling the ability for students to make or receive private video calls on Microsoft Teams. This includes private video calls made to or received from tutors and other students.
  • Disabling the ability for students to change their profile picture on Microsoft Teams and across our Microsoft 365 system.
  • Disabling the ability for students to update their own account details, including their display name. If you spot any mistakes or would like your account details updated, please get in touch with us.
  • Disabling the ability for students to create their own Teams and Channels. The only Teams students should be able to access are those created by us for each Ensemble.
  • Disabling the ability for students to edit or delete messages they have sent in Microsoft Teams. Our staff members and music tutors are able to delete messages if necessary.

 

You might notice that we have given each student an Exchange Online email account. We do this so we can apply some of the above security policies to their accounts. But students are not able to send emails to, or receive emails from, other students or external mailboxes. Their email accounts will only allow them to send emails to, and accept emails from, Sutton Music Service staff and tutors.

All use of our email system is monitored, including any failed attempts to send or receive emails externally. A full transcript of all emails sent or received is kept for up to one year to ensure we are fulfilling our safeguarding objectives and to help us detect and prevent crime.

Microsoft Teams is compliant with ISO27001HIPAAISO27018 and SSAE16 SOC1 and SOC2 standards. Data in our Microsoft Teams system resides within the UK and EU region.

Teams data is encrypted in transit and at rest. Microsoft uses industry standard technologies such as TLS and SRTP to encrypt all data in transit between users’ devices and Microsoft datacentres, and between Microsoft datacentres. This includes messages, files, meetings, and other content.

If you would like more information about how we’ve implemented Microsoft Teams (for example, you work for a music service or school and would like to know more) please get in touch.

COVID-19 UPDATE

Updated 6 November 2020 – Please see our COVID-19 status page below for latest information on Music Service activities.