Data protection and information security


Apache Log4j vulnerability statement

FFT is aware of the recently reported security issue relating to the open-source Apache Log4j logging framework (CVE-2021-44228). We are taking this issue very seriously and have reviewed all of the applications developed by FFT and the third party applications and business systems used by FFT.

FFT can confirm that Log4j is not used in the assessment data and literacy applications developed by FFT. We can confirm that some third party applications used by FFT are affected by Log4j. FFT is working with our suppliers to urgently update and patch all affected systems that use the vulnerable Log4j component including Tableau, Salesforce, Slack and Amazon Web Services.


FFT manages the secure processing and analysis of data for over 8 million students in 25,000 schools. Our information security processes are externally audited and FFT has certifications for ISO27001 (the international standard for information security) and Cyber Essentials Plus (the UK government standard for information security). We store, process and manage all data in the UK at Amazon Web Services’ data centre in London.


FFT Aspire: Terms and Conditions

The standard Terms and Conditions for FFT Aspire apply to all schools, local authorities, academy trusts and dioceses using FFT Aspire in England and Wales.  All FFT Aspire users accept the standard Terms of Use.


General T&Cs

Data processing T&Cs


FFT Privacy Notice

FFT’s Privacy Notice is available on this website and FFT Aspire.

FFT Privacy Notice

If you have any questions about data protection at FFT, including any requests to exercise your data protection rights, please contact:

Helen Robinson (FFT Data Protection Officer) 
FFT Education Ltd, 79 Eastgate Cowbridge, CF71 7AA
Telephone: 01446 776262