The HESA Data Collection System (known as the 'Aardvark' system) processes data for every student and every member of staff at HE institutions in the UK. Responsibility for the security of the system - and the data it contains - lies both with HESA and with users of the system.
HESA is responsible for ensuring that the system functions as specified, is accessible when intended and provides the appropriate level of access and control to the different types of users that register on the system.
Responsibilities of the nominated contacts
Access codes are sent to nominated contacts at HE institutions and at the Statutory Customers to whom HESA supplies data. Access codes can be used to create many user accounts. The nominated contacts are responsible for the security of the access codes and for the distribution of the access codes within their institiution. Any transaction undertaken by a user is the responsibility of the record contact for the relevant data stream at that institution.
User access is removed from the system after each data collection closes. It is the responsibility of the nominated contact at each institution to inform HESA if any user account should be deleted before the end of a collection (e.g. if a member of staff leaves during the collection).
Responsibilities of all Aardvark users
Users are responsible for ensuring that their passwords are not shared with any other individual and that nobody else uses their account. Users should be aware that the system administrators at HESA can access the passwords for every account on the Aardvark system. We therefore recommend that you do not use a password that you also use for other systems.
Users must inform HESA immediately if they believe that there has been any compromise in the security of their user account or access code.
If you have any queries about the Aardvark system please contact the Institutional Liaison team