We know that working alongside Councils, Hubs and Music Services means sharing the job of protecting peoples’ personal data. It’s vital that we not only understand the threats that exist, but we continually strive to strengthen the measures in place to safeguard against all forms of cyber attack. We're committed to delivering all measures required of us by our industry regulators, and we'll continue to develop a robust and versatile data architecture that embraces inevitable changes to the law in future.
What are the rules?
The UK government requires that councils ensure that suppliers of web applications follow a set of principles to ensure the confidentiality, integrity, and availability of council data. Where the data contains personal information, the supplier will be considered a data processor under the terms of the Data Protection Act 2018. The principles we follow are known as the NCSC Cyber Security Principles. You can read more about Melded's compliance in our downloadable PDF below.
Melded has been designed and built from scratch with flexibility, scalability and security in mind.
All data stored in Melded is transmitted via encrypted connections. Each Music Service has its own secure container in the database, accessible only by users belonging to that Service.
Location & Environment
Melded uses a VPC or Virtual Private Cloud network in London to separate your data from that of other users. Our servers are ISO/IEC 27001 and PCI DSS compliant, and use Next Gen Firewalls and IPS.
Identity & Access
All Melded users must have a registered email address and password, along with MFA (Multifactor Authentication) by confirmed email or text message. A log is kept of all activity and any unsuccessful login attempts.
Operations & Security
All data being sent or stored is encrypted and we use the latest SSL and TLS security protocols. Any security updates are stress-tested in a separate area before being pushed to live systems.
Backup & Recovery
Weekly backups are stored for 4 weeks, as well as incremental backups. We aim for full recovery within 8 hours of finding a vulnerability, and any unwanted data is securely erased as per GDPR law.
Development & Methodology
We use a software development method known as ‘Rapid Application Development’, allowing us to react quickly to the needs of our users, and remain agile enough to benefit from advances in technology.
Built with music teachers,
for music teachers
"The Melded team have created something really special. A system that can cope with the demands of a busy Music Service, that is easy to use and can cleverly adapt to meet the ever-changing needs of our industry. Mike and Lee have been a pleasure to work with, they have worked hard to understand our Music Service to create a brand, website and a database system that meets our needs, but more importantly reflects the work that we do."