Cyber Security FAQ

Your school is responsible for maintaining TASS and its users. To ensure secure access to your TASS system, we recommend reviewing permissions and access points regularly. We also recommend disabling accounts as soon as possible when staff, students, or parents leave the school.

When it comes to managing user permissions in TASS, there can be a lot to unpack. We have linked some resources to learn more about applying security permissions in TASS.web and Portal Security Permissions for the Staff Portal.

Within TASS, permission groups can be created for the different products and define permissions for individual users or groups of users. This ensures that only authorised staff can access relevant data to them. Your school is responsible for managing the users and user permissions within the software.

TASS also has a built-in audit system and change logs for your peace of mind.

If your system is self-hosted, the data backups are managed by your school. However, if you are a TASS Cloud customer, disk images are taken daily and backed up for 30 days, and database backups are taken daily and stored for 365 days. If your school needs to recover its TASS system from a backup and is hosted with TASS Cloud, the maximum expected data loss is 24 hours.

A common practice that many schools have in place is a test or development instance of TASS. This allows users to test the product without running the risk of altering any live student or school data. If you would like to learn more about test environments, click here or reach out to our Technical Services team.

TASS has been certified against ISO27001 since 2021, and in 2024, we were re-certified to the latest 27001:2022 standard. TASS undergoes annual external audits, and internal audits are conducted via an internal audit schedule.

TASS maintains internal policies and procedures, such as a Disaster Recovery Plan, a Business Continuity Plan, and an Incident Response Procedure, which details our methods for managing incidents. TASS engages with the school in a way that is appropriate for the particular incident, typically via a phone call or by submitting a ticket.

If your school operates a self-hosted system, the school itself manages all associated infrastructure. For TASS Cloud customers, the Technical Services team receives infrastructure alerts for CPU, disk usage, DNS, and other monitoring tools. Internal ticketing alerts are sent to the TASS Cloud team, enabling us to offer timely and proactive support to schools. Additionally, TASS Cloud customers benefit from extra support for cloud infrastructure beyond regular business hours.

As a large portion of data incidents can be traced back to human error, ensuring your staff understand cyber security can be one of your most important lines of defence. When it comes to upskilling your staff with TASS-specific security, our Professional Services team can offer tailored training sessions for system administrators. For general cyber security tips and tricks, there is a sea of information out there; check out our blog, where we recap some of our top resources!

At TASS, we utilise Amazon Web Services (AWS) for our cloud hosted customers. Your school data is hosted locally on AWS Servers located in Sydney, Australia.