TripPA Security Statement

At TripPA, we are experienced at working in schools and with children, and understand the importance of protecting our partner schools’ data. Our approach to security includes best practices in cloud infrastructure, access control, and data handling to ensure compliance with UK GDPR and the Data Protection Act 2018.

Cloud Security & Data Protection

The TripPA apps and their data are hosted on Google Cloud Platform, a leading provider of secure cloud services. We use Google Cloud Security Command Center to monitor for threats and vulnerabilities. All data is encrypted at rest and in transit, ensuring that sensitive information remains protected at all times.

Additionally, we are partnering with a leading data sync platform in the education sector, which follows Secure by Default principles. This partnership ensures that data transfers are managed securely and in line with strict security guidelines.

Access Control & Authentication

To protect user accounts and prevent unauthorised access:

  • We support Single Sign-On (SSO) for ease of access and security.
  • Multi-Factor Authentication (MFA) is required for account creation, adding an extra layer of protection.
  • Our authentication and access model follows the Principle of Least Privilege, meaning users and systems only have access to the data necessary for their role, reducing security risks and limiting exposure to potential threats.
In-House Security & Ongoing Protection
  • The TripPA development team runs regular security tests to identify and address potential vulnerabilities, ensuring our systems remain robust and resilient against emerging threats.
  • We work to reduce our attack surface by limiting exposed access points, securing APIs, and keeping all software up to date.
  • Our security framework is continuously reviewed and improved to adapt to evolving risks.
  • All TripPA team members undergo a Disclosure and Barring Service (DBS) check, ensuring that we meet the safeguarding standards expected in the education sector.

TripPA is committed to maintaining the highest security standards. If you have any security concerns or questions, please contact us at tech@trippa.net.