Trisende manages EHCP data with UK GDPR compliance, version control, and full audit trails.Every document is encrypted, access-controlled by role, and stored in UK data centres. Parents control who sees their child's data through the SSOT handshake system.
How to Manage EHCP Data: Secure SEND Document Management
Education Health and Care Plans contain some of the most sensitive data in the education system — children's health conditions, SEN diagnoses, family circumstances, and safeguarding information. Managing this data securely while keeping it accessible to the right people is one of the biggest challenges in SEND administration.
Key Principles of EHCP Data Management
UK data residency — all data stored in eu-west-2 (London region)
Encryption at rest and in transit (TLS 1.3)
Role-based access control — parents, schools, councils, NHS each see only what they need
Immutable audit trail — every access and change logged permanently
Version control — every document update creates a new version, previous versions preserved
Consent-driven sharing — the SSOT handshake system gives parents control
DPIA maintained and versioned — ready for council procurement review
Frequently Asked Questions
How should EHCP data be stored securely?
EHCP data contains special category data under UK GDPR (health information, SEN needs). It must be stored with encryption at rest and in transit, access controls, audit logging, and UK data residency. Trisende stores all data in eu-west-2 (London) with row-level security.
Who can access EHCP data?
Access should follow the principle of least privilege. Parents have full access to their child's data. Schools access provision-related sections. Local authorities have compliance-level access. NHS sees health-related data only. Trisende enforces this through role-based access control.
How do you convert EHCP data to ISP format?
Upload the EHCP document to Trisende. The AI extracts structured data from all sections, maps it to the 11-section ISP framework, identifies gaps, and generates a compliant ISP with a readiness score. The original EHCP is preserved alongside the new ISP.
Is there an audit trail for EHCP changes?
Yes. Trisende logs every action on every document: who uploaded it, who viewed it, what changes were made, and when. The audit trail is immutable and GDPR Article 30 compliant.
Can multiple organisations access the same EHCP?
Yes, through Trisende's SSOT (Single Source of Truth) handshake system. Parents control who can see their child's data. Schools and local authorities request access, and the parent grants or denies it.