Cymraeg

Suggested audience: All Hwb users and stakeholders.

One of the key benefits of schools and other education stakeholders using Hwb and its associated tools and services, is the level of due diligence that is undertaken by the Welsh Government to ensure digital services are fit for purpose and compliant.


Our contracts and agreements with suppliers contain robust data protection provisions which comply with the requirements of Article 28 of the UK General Data Protection Regulation (UK GDPR). 

Digital service

Data location

Hwb website (https://hwb.gov.wales)

AWS EU West

Personalised assessments

UK

360 Cymru (safe and digi)

UK

Just2easy

AWS EU West

Microsoft 365

 

Azure AD – Ireland, Netherlands (EU)

Exchange - UK - GBR2 Data Center

SharePoint - UK - Cardiff, Wales Data Center

OneDrive - UK - Cardiff, Wales Data Center

Microsoft Teams - Europe – UK

OneNote – UK - Cardiff, Wales Data Centre

Minecraft: Education Edition – USA

Flip – USA

Google Workspace for Education

Google for Education - EU / USA

Screencastify – EU / USA

YouTube – EU / USA

Adobe Express and Creative Cloud

Adobe Systems Software Ireland Ltd (i.e. Europe) – EU / USA

Apple services

Controlled by Apple Distribution International Limited in Ireland (i.e. Europe – EU)

Freshservice

AWS United States, European Economic Area, Australia, India

 


The following table summarises some relevant governance aspects applicable to Google Workspace for Education and Microsoft 365.

Compliance

Google Workspace for Education

Microsoft 365

National Cyber Security Centre (NCSC) Cloud Security Controls

Compliance asserted for all controls

Previously Pan Government Accredited

Cloud Security Alliance

Security, Trust and Assurance Registry (STAR) Attestation

STAR Self-Assessment

ISO27001

Expiry 14 June 2024

Expiry 2 March 2024

ISO27017

Expiry 14 June 2024

Expiry 2 March 2024

ISO27018

Expiry 14 June 2024

Expiry 2 March 2024