Provider Contingency
DAIS-POL-002
Provider Contingency and Adverse Effects Policy
Data and AI School of London, NCFE Approved Centre
Policy Owner: Head of Centre
Version: 1.0 | Date: April 2026 | Review: April 2027
NCFE Risk Level: High
Mode of Delivery: Fully Online
2.1 Purpose and Scope
This policy sets out the Data and AI School of London's plans for maintaining continuity of qualification delivery and protecting learner interests in the event of an adverse situation. As the school operates entirely online, particular attention is given to technology failures, cybersecurity incidents, and platform unavailability.
2.2 Identified Adverse Scenarios
Organisational Risks
Closure of the school due to financial insolvency or company dissolution
Withdrawal of NCFE centre approval following regulatory action
Resignation or incapacity of key staff (Head of Centre, Compliance Manager, Lead IQA)
Technology and Digital Risks
Extended VLE or LMS outage (more than 24 hours)
Failure or discontinuation of a third-party platform used in delivery
Cybersecurity incident (data breach, ransomware, denial-of-service attack)
Loss of internet connectivity at the primary operational location
Accidental deletion or corruption of learner records or assessment evidence
External Risks
Extended illness affecting the majority of the teaching team
Changes in NCFE qualification availability or sudden discontinuation of a qualification
2.3 Contingency Procedures
VLE or Platform Outage
1. The IT/Platform Lead is notified immediately and escalates to the platform provider's support team.
2. Learners are notified via the school's emergency email contact list within 4 hours of the outage being confirmed.
3. Learning materials are made available via a backup cloud storage location communicated to learners at induction.
4. Any scheduled live sessions will be rearranged and learners notified by email.
5. If the outage extends beyond 5 working days, the Head of Centre will notify NCFE.
Cybersecurity Incident
1. The IT/Platform Lead isolates affected systems immediately.
2. The Head of Centre is notified within 1 hour.
3. If personal data has been compromised, the DPO initiates the ICO notification process within 72 hours.
4. Learners and NCFE are notified as appropriate and advised of any impact on their records.
5. The incident is logged and reviewed as part of the annual security audit.
Loss of NCFE Approval
1. The Head of Centre notifies all learners within 5 working days.
2. The centre works with NCFE to identify a suitable alternative approved centre.
3. Learner records and assessment portfolios are transferred securely to the alternative centre.
4. The centre will not accept new learner registrations from the date of withdrawal.
5. All learner data is retained in accordance with Policy 6.
2.4 Data Backup and Recovery
All learner records, assessment evidence, and IQA documentation are stored in cloud-based systems with automated daily backups to a secondary cloud location. The IT/Platform Lead tests backup integrity at least once per term. Recovery procedures are documented in the IT Security and Backup Procedure document.
2.5 Emergency Communication
The Compliance Manager maintains an emergency contact list of all currently enrolled learners' email addresses, held outside the VLE. This list is updated at every enrolment and withdrawal and is used solely for emergency communications when the VLE is inaccessible.
This policy is reviewed annually. Next review: April 2027. Approved by: Head of Centre. © Data and AI School of London, April 2026. NCFE Approved Centre.