Our data collection system processes data for every student and every member of staff at HE providers in the UK. Responsibility for the security of the system - and the data it contains - lies both with HESA and with users of the system.
We are responsible for ensuring that the system functions as specified, is accessible when intended and provides the appropriate level of access and control to the different types of users that register on the system.
Responsibilities of the nominated contacts
Access codes are sent to nominated contacts at HE providers and at the statutory customers to whom we supply data. Access codes can be used to create many user accounts. The nominated contacts are responsible for the security of the access codes and for the distribution of the access codes within their provider. Any transaction undertaken by a user is the responsibility of the record contact for the relevant data stream at that provider.
User access is removed from the system after each data collection closes. It is the responsibility of the nominated contact at each provider to inform us if any user account should be deleted before the end of a collection (e.g. if a member of staff leaves during the collection).
Responsibilities of all system users
Users are responsible for ensuring that their passwords are not shared with any other individual and that nobody else uses their account. Users should be aware that the system administrators at HESA can access the passwords for every account on the data collection system. We therefore recommend that you do not use a password that you also use for other systems.
Users must inform us immediately if they believe that there has been any compromise in the security of their user account or access code.
If you have any queries about the system please contact Liaison.