Data securityHow your data is kept secure
The information held by APPA belongs to the young people who use the app by answering questions. At any point a young person has the right to have their information removed from the database and APPA Scotland will facilitate this without question. When dealing with information from young people relating to risks and resilience, security is paramount. No information provided by the young person will be disclosed unless permission is explicitly provided by the young person.
APPA is a Cloud Based System
The Microsoft Cloud is one of the recognised information technology based Cloud partners. Using six hubs across the world, information stored within the Microsoft Cloud is physically secure in custom-built server farms designed to the highest specification.
The Database Server
The database server holds all the questions and user answers supplied by young people. It is configured to accept a connection from one computer only, the APPA application server. The application server is the operating centre for APPA, where the program and algorithms are stored and accessed by the user.
In the database all user answers are held in a separate table from the users and from the questions. Without the software links in the APPA system there is no way of understanding which user provided which answer to which question.
The Application Server
This server is secured using an RSA256 security certificate. Unless you hold our private key (which we hold offline) you cannot access our server other than by the APPA software portal.
The APPA Portal
The APPA Portal can only be accessed with a user name and password specific to the user. Once logged in, APPA assigns to the user a specific role. This defines the tasks that a user has access to.
APPA Users and Parents/Caregivers – When a young person logs into the APPA Portal they see their resilience report and when a parent/caregiver logs in they see the resilience reports only for the young people they are associated with.
Teachers and Mental Health Professionals – When teachers and mental health professionals log into the system they are able to access a resilience report only of the young people who are assigned to them and generate an action plan. They do not have access to all the APPA users in the organisation they are associated with. If a young person has agreed to release their answers to their teachers and/or mental health professionals, then this group of users will see the answers that the child has provided in the system.
Organisation Administrators – The role of an organisational administrator in the APPA portal allows for the creation of teachers/mental health professionals within an organisation and the upload of APPA user information via a template into the system. An administrator cannot see the resilience results of the young people or any of their answers.