Using s2s for generic file transfer: mandatory encryption

mEncryption

All generic files to be uploaded to the s2s system must first be encrypted. Generic files are files which have not been created by a school or local authority management information system (MIS) but have been assigned their name by a user.

A review of the s2s system by the Department's Security Unit (DSU) found that files with a fixed format, i.e. those generated by a local authority or school MIS, such as common transfer files (CTFs) and admissions preference files, were secure on s2s. This is because the records contained within them are 'streamed' into the s2s database structure, making them difficult to read by any unauthorised person. 

However, DSU took the view that generic files, though saved into the s2s database, are saved in the same format in which they were uploaded, thus posing less of an interpretation challenge and making encryption necessary.

While we have no evidence of anyone trying to gain inappropriate access to files on s2s, we are obliged to take reasonable steps to prevent such a scenario once it has been identified as a risk. 

The encryption of generic files is seen as a reasonable interim step, while the longer term security functionalities of s2s and other Departmental data systems are considered.

WinZip, ideally v10.0 or higher, is the Department's chosen method of encryption. At  September 2011 the latest version of WinZip was v15.5.

Guidance on using WinZip to encrypt files can be found in the associated resources section of this page.

Sending the data using School to School

The next step is to access the s2s website and send the WinZip file via the generic route. 

Remember - the file must be named correctly for it to be sent on s2s, for example 101LLLL_ DFESXXX__max15characters.zip

After you have sent the encrypted file you should contact the destination organisation to give them the password either via a s2s secure message or over the phone. They will then be able to download the file from s2s.

As a government department, we cannot recommend specific goods or services. However, we can confirm that WinZip used in the way set out here is a low-cost, effective method of protecting sensitive data in transit. If your authority does not have access to it, please contact the DSD Helpdesk to discuss alternative, secure methods of getting sensitive information to the Department.

Contact details

Data and Statistics Division (DSD) Helpdesk
1st Floor Mowden Hall
Staindrop Road
Darlington
DL3 9BG
Telephone: 01325 392626
Email: dsd.helpdesk@education.gsi.gov.uk
Website: http://www.education.gov.uk/schools/adminandfinance/schooladmin/ims/datacollections/requestform