The purpose of this web page is to confirm the policy and procedure for handling of data in the Building Compliance Testers Association (Herein “BCTA”) and it’s schemes

Type of Data
ATTMA handles four types of data

• Data about each member company and their testers
• Data for lodgement, which includes confidential information about members testing locations, raw data and results
• Emails, which may contain confidential information
• Letters, which may contain confidential information

Security

Personal/Company Data
Data held by ATTMA about scheme members and their testers is held in Microsoft Sharepoint which is held in the cloud. Some folders can be sync’d locally to the company computers. This is done using Microsoft OneDrive, a commonly used and very secure program.
Data is automatically backed up as soon as any file is saved
ATTMA has a ‘business’ Microsoft account which provides additional security features, such as ‘Previous Versions’ which allow the recovery of older versions of files, should the current versions be corrupted or lost.
Only users authorised by the Scheme Director can access all the files stored in Sharepoint
In order for the account to be accessed, a two step verification is required. Firstly, a complex password requiring alpha numeric, non-alpha numeric and a number is required. To then gain access, a 6 digit password is sent to the Scheme Director’s mobile telephone each time access is required.

Lodgement Data
Lodgement data, i.e. the data held for each company’s air tightness tests, is held on our secure server which is currently hosted by Microsoft Azure in the UK.
In order to access Lodgement, you need to be set up on the website. You are then asked to register a password and a security question. The password is kept secret. ATTMA is able to see the password.
When logging in, the user only has 5 attempts at getting the password correct before being locked out, which stops access to the system altogether. This is designed to stop brute force attacks.

Emails
Emailing is hosted by Microsoft Office 365 who provide us with emails via Microsoft’s email platform. Passwords are set by the users when registering. All computers are password protected and have antivirus software installed to minimise the risk of malware and viruses

Letters/Mail
All mail is shredded once scanned (if applicable)

Uses of Data
ATTMA will never give or sell personal or company data to any company
ATTMA may provide lodgement data, minus any personal or identifying information, to research bodies that are pre-approved by ATTMA. The data that may be shared will only be:

• Building Type
• Result
• Target
• Ventilation Type
• Mastic Sealing Status
• Town and/or Postcode of Site

Example of companies that may use this data for research purposes are;

• Universities
• Home Nation Governments*
• Public Health Authority
• HSE

*Home Nation Governments may periodically request specific data from the scheme such as Membership Numbers, Complaints, Financial Information (not for public dissemination) and Information regarding third party audits (not for public dissemination)

Should a request be made for data that falls outside of research use (i.e. a company wishing to purchase data), we would require permission from each company in order to do so. This would be done on a case by case basis. There is no blanket ‘yes’ or ‘no’ for all data being shared.#

ATTMA Record Keeping
A membership database is maintained which contains the following information;

• Name, address and contact details of Firm (includes Partnerships and Sole Traders;
• Names of Firm’s Testers;
• Qualifications (Level) of each Tester;
• Membership numbers for Firms and ID Number for each Tester
• Firm’s audit programme and dates;
• Audit plans and records, including Witness Test dates and records;
• Annual fees
• Correspondence and other relevant information

Document Storage
All documents and information related to a Firm are stored electronically. Hard copy files are only available for members pre-2016 which will be scanned and destroyed. Documents are stored securely in the individual Scheme Member’s file. Electronic files are held on the BCTA SharePoint as described below.

Document Retention
All documentation shall be retained for Firms and Testers who are currently registered as Testers and retained for five years after membership ceases.
If a Firm or individual is refused approval as a Tester, documents shall be retained for a minimum of five years, but may be archived after two years. A list of Firms and individuals refused approval will be maintained within the database.
If a Firm or individual ceases to be registered, documents will be archived and retained for a minimum of five years. A list of previous Firms and Testers will be maintained within the database.
Disposal of paper copies of documents will take place through a confidential waste disposal.

Member Firm and Tester Record Keeping
As a Guideline, Member Firms should keep and securely store records of their operations and responsibilities, including (not exclusively) the following:
Staff records – Testers and subcontractors;

• Training and qualifications;
• Testing contracts;
• Reports and results, together with lodgement details and the BCTA Test Certificate reference;
• Audits and corrective actions;
• Complaints;
• Testing equipment;
• Calibration certificates, validity and expiry dates;
  Note: it is advisable to keep an equipment and calibration log which will flag up expiry or recalibration dates sufficiently in advance.

Member Firms should keep a set of “controlled” documents and log their currency, issue numbers etc, which should include (not exclusively) the following:

• Testing Standards
• Testing procedure
• Set up procedure
• Equipment list
• Envelope area calculations for each dwelling or building

Document Retention
Records of testing contracts, reports and results, lodgement references, audit reports and corrective actions, complaints and other testing-relevant information should be kept securely for a period of not less than 5 years.