Direct SQL Access accounts – Hosted Platform – 3rd Party Software Integration
Scomis have reviewed the process of data extractions from SIMS databases by third party applications and in particular by accounts that bypass the sims application (interface) and talk to the sims SQL database directly (known as Direct SQL access). The audit has been completed as a result of the new GDPR regulations coming into force on 25 May 2018
Capita (and Scomis as an accredited SIMS partner) have now taken the security stance that this particular method of data extraction is no longer allowed within the Hosted platform for the following reasons:
- The extraction method poses a security risk bypassing all sims security permissions, auditing and access rights controls.
- There is no way of knowing what data is being extracted and as a result it is Scomis’ interpretation that applications using this direct method contravenes the new GDPR regulations.
There have been many third party applications in the past extracting sims data in this way. Capita have now created the Technical Partner program where third party suppliers can enroll on the program and develop data extract solutions (approved API’s) that are safe, secure and supported by Capita. This is now the only permitted method of data extraction from a SIMS database hosted by Scomis.
Scomis advice to schools is not to use products from third parties which extract any SIMS data unless the third party :
- Is a Current SIMS partner
- Has a current contract for software updates
- Has a current contract for development support
Schools are responsible for ensuring the product they use meets the above criterion and Scomis can assist in any discussions that may be required.
Details for the Capita partner program can be found here:
https://www.capita-sims.co.uk/partner-with-us
Capita supported third party integration methods are shown here:
https://pmapis.azure-api.net/guidance/SIMS7_Interfacing_External_Systems.pdf