Jump to content

Urgent Capita SIMS Data Issue - Issued by childrens services

vikpaw

By vikpaw
in MIS Systems

 Share

Recommended Posts

vikpaw

vikpaw

Posted
Posted (edited)

:mod:

 

Support documents / links provided in this post for the Capita SIMS CTF Issue outlined below. Updated 14 Sept 2018

 

SIMS CTF Issue info: Capita Education Support Services - CTF News

Guidance to handle issue: How to Identify and Correct Data Impacted by the CTF Import Incident

 

General Download and Support news from Capita: Download & Support | Capita Education Support Services

 

= = = = =

 

Prior guidance for support teams was provided in a post further in this thread here : http://www.edugeek.net/forums/mis-systems/198167-urgent-capita-sims-data-issue-issued-childrens-services-6.html#post1695212 [Correct as of Monday 23rd July.]

Please check with your local support teams and Capita's MyAccount support site for additional guidance and check later posts in this thread for more updates.

 

Ping me a message if anything needs updating or post the info and report the post so a mod can action.

Edited by vikpaw
Easier guidance
  • 3 weeks later...
titch

titch

Posted
Posted

Received this morning. Anybody have any information on it?

 

 

 

 

Dear Headteacher and admin officer,

 

This email has been sent to all HT and AOs in Hampshire including Academies

 

Urgent issue causing data protection risks

 

I’m sorry to have to let you know that Capita have announced a software issue affecting all customers nationally. It relates to data in the Schools Information Management System (SIMS). They have issued an apology for this mistake and provided assurance that it is being investigated with the highest priority. However, the impact is current and brings data breach risks so you need to be aware and take the necessary action.

 

What is the issue?

 

The problem concerns the corruption of a SIMS software matching routine for new pupils since a Capita SIMS upgrade in December 2017. The problem has only just been announced by Capita. The consequence of the corruption is that contact information for the incoming pupil for example, address, telephone number and email address, may have become associated with other pupil’s records, or the new pupil could themselves be linked to the wrong contact details. The problem could have impacted pre-admissions, pupils on roll and the records of school leavers.

 

Who does this affect?

 

This is a nationwide problem that potentially can affect all school types and phases, whether your SIMS database is centrally or locally hosted. Unfortunately, at this stage we cannot confirm which schools are affected or the scale of any problem. However, Hampshire IT are waiting for Capita to provide a means of identifying which records (if any) have been impacted. We hope to have that information by the middle of this week.

 

How can I prevent more records being affected?

 

A patch, supplied by Capita, to stop the issue affecting any more records has already been applied by Hampshire IT to all centrally hosted SIMS schools. All locally hosted schools have access to patch number 24068, via SOLUS and have been advised to apply this to their SIMS database as soon as possible.

 

What action should I take now?

 

Until we receive more clarity on a way forward from Capita, we cannot identify or fix any records that have already been corrupted. To avoid potential data breaches it is therefore vital that you do not send out communications the rely on the contact information in SIMS unless you have made appropriate additional checks to ensure all contact details are correct for each individual recipient. I hope that for many schools this as not a particularly problematic position as you will be using other sources of information and sending your communications through parent portals etc.

 

Next Steps

 

Hampshire IT is waiting for Capita to provide a routine in SIMS that will assist with identifying the records (if any) that have been corrupted. We are assured that they are working to deliver this as matter of urgency. When we have the solution, Hampshire IT will be contacting all schools to provide guidance and support to help you through this process.

 

I am very sorry to have to alert you to this particular problem right at the end of term. I am even more sorry that I can’t offer you an immediate solution to the identification of any corrupted records. The moment we have a working solution from Capita we will be in touch. In the meantime I must emphasise that you should not trust the contact information in your SIMS database and you should not use it for communicating any sensitive information unless separately corroborated.

 

Hampshire is taking this issue very seriously and we will do all we can to support schools through this incident. I do wish to emphasise that the problem has been entirely caused by Capita.

 

And now, having potentially given you a very unwelcome end of term headache, I wish you a really good and hugely well-earned summer holiday.

  • Thanks 3
Andycat

Andycat

Posted
Posted

Yes we spotted this earlier in the year. We're probably looking elsewhere for MIS now, as I can't see a transfer to Web based being particularly smooth or successful.....

 

We checked and it only affected a few contacts here.

Boredguy

Boredguy

Posted
Posted

We had an e-mail from our support team last Monday.

 

It was relating to importing CTF preadmissions since last September and before this summer update was applied.

 

For us it's not an issue as our admin team do not import the contact addresses when doing the preadmissions

bushby

bushby

Posted
Posted
Thanks for the Heads Up on that. SCC didn't make us aware of the issue. just glad that it was auto deployed to us as I called them up to check that it was pushed.
CAM

CAM

Posted
Posted

Luckily our admissions officer only imported five students. It's not thorough or ideal (I'm not sure how many have been imported through the rest of the year) but I've noted down the house number and postcode of those recently imported and checked their address matches that of their contacts. I've then produced a report of all on-roll students with their address, and the name and address of their contacts, and done a CTRL+F to search for the postcode of those imported to see if any on-roll students or their contacts have the same address and house number to indicate they may be incorrect.

 

No hits thankfully but again, not thorough. I'm not sure what other fields may be affected, I presume address counts as contact details?

pubgrub277

pubgrub277

Posted
Posted

Don't be fooled into thinking the patch is the end of the issue. LSU's and support teams should be sharing some reports for checking if your data has been affected.

The error was introduced in the AUTUMN upgrade! Although the issue is said to be with importing pre-admissions we've raised concerns about issue for other pupils too.

 

Soft contact matching on name only has occurred and could affect records link to lots of other pupils.

 

Capita's response so far hasn't been great and they seem to be underplaying the issue.

localzuk

localzuk

Posted
Posted (edited)

Our support provider, Somerset County Council, notified us of this about 2 or so weeks ago, and have been working through that time on a way to find the problematic records - which they now have done. There's no "fix" for the broken records, that's a manual task.

We have nearly 100 pupils identified with incorrect contacts...

 

My issue is that we are now having to put our staff time into fixing this mess, which was caused by Capita. We should either get some compensation for this, or they should be doing it for us!

Edited by localzuk
pubgrub277

pubgrub277

Posted
Posted
So with this occurring, surely all Capita SIMS schools are legally obliged to report a possible breach to the ICO? (as obviously should Capita)

 

Capita's stance re :ICO

 

We have been asked several times if we (Capita ESS) have reported this to the ICO, this is not Capita ESS’s responsibility as data processor and as the data controller it is the customers responsibility to report any data breaches to the ICO. Extensive guidance is available on the ICO website (https://ico.org.uk/for-organisations/report-a-breach/) on data breaches and customers should review this thoroughly before taking any action.

 

 

We hope we have demonstrated with the issue of Patch 24068 to fix the bug in the software and the continual evolvement of the diagnostic script to identify those records potential impacted, that we are doing all we can to support schools in this incident and endeavour to continually update you on the situation via regular updates in My Account notifications.”

Helen25

Helen25

Posted
Posted
We've been reporting this issue to HCC for a while now, glad we've finally got a reason, the admin staff were tearing their hair out! Just hoping the patch works and does what it is meant to.
CAM

CAM

Posted
Posted
I just told our DPO about it with details about my immediate actions to check the data and mitigate further risk. I'll leave them to decide what to do about the ICO.
Koldov

Koldov

Posted
Posted (edited)

I've just looked at SOLUS in a school and see 2 patches (same description), am I ok just to do the latest one...?

 

SIMS PATCH.jpg

 

EDIT: Does it matter what version of SIMS I'm on (was waiting until the holidays to do the Summer update)?

Edited by Koldov
synaesthesia

synaesthesia

Posted
Posted

I'd call now as good a time as any to do the update. We've just applied ours immediately after finding out about this; don't care what people are doing, data security trumps all (obviously have let people know & why).

So with some thought, once the update has finished rolling out, we'll check the necessaries and make a decision on whether we need to inform the ICO as a result of any findings.

FN-GM

FN-GM

Posted
Posted
I'd call now as good a time as any to do the update. We've just applied ours immediately after finding out about this; don't care what people are doing, data security trumps all (obviously have let people know & why).

So with some thought, once the update has finished rolling out, we'll check the necessaries and make a decision on whether we need to inform the ICO as a result of any findings.

 

There is no need for a full upgrade. The patches can be installed to resolved the problem. Plus they won't interrupt the service.

  • Thanks 1
localzuk

localzuk

Posted
Posted
Ohhhhh great...

Can anyone elaborate on exactly what the issue is? How long has this been an issue?

When importing CTFs after the Autumn update last year, it sometimes matched contacts incorrectly - so the wrong contact details get assigned to children and their parents.

  • Thanks 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


×
×
  • Create New...