Where will the collected data be stored?

Server - off site UK based

What physical security is in place to prevent access to the data?

Secure building accessed by key/ keypad/ access card

What are the access controls for staff, third parties and data processors?

For staff - Access to the system will be gained by username/password with a second factor authentication (one time code sent to registered mobile). Third parties - There is no access to applicant data for third parties. Applicants will be able to respond to requests made through BOPS Applicant but no personal data would be shown.

Data processors - Use secure passwords, network intrusion detection technology, encryption and authentication technology, secure logon procedures and virus protection.

How long will the data be retained for?

Data is processed for the duration of a planning application and remains stored in the BOPS application indefinitely for the records of the local planning authority.

What processes are in place to ensure information can be securely deleted/ destroyed in relation to both paper and electronic files?

It is not anticipated that information would be deleted/destroyed.

Are you using a third party cloud Service Provider?

Yes

There are 14 essential security principles to consider when evaluating cloud services. Outline of how the 14 principles are met.

Principle 1: Data in transit protection

Principle 2: Asset protection and resilience

Principle 3: Separation between customers

Principle 4: Governance framework

Principle 5: Operational security