Our approach to data security
We hold data security as the highest possible priority. Our security model is compliant with the latest iteration of ISO 27001:2013; Information Security Management System (ISMS) which covers over 140 externally audited control statements. This is an internationally recognised standard of information security management, which we have held for over 12 years.
The features of this security model are a complete system of control for electronic, human and physical aspects of information security, covering existing and new deployment controls with rigorous compliance monitoring. The benefit of using this internationally recognised security model is to provide all our customers with an assurance of the highest possible standard of validated data audit and system testing.
NHS Data Security and Protection Toolkit
We have successfully achieved the NHS Data Security and Protection Toolkit standard. View our listing.
We apply the highest standards of confidentiality and security denoted by these accreditations fully to all systems and processes involved in delivering products and services. This includes data transmission, any temporary data storage, processing, and reporting and access control.
Where required we have conducted Data Processing Impact Assessments (DPIA) on our suppliers and partners. This is aligned with our responsibilities under GDPR.
Further details are available on request from our Data Protection Officer.
Cyber essentials plus accredited
This scheme recognises the resilient nature of our data defences and demonstrates our commitment to the highest possible levels of cyber security. The Cyber Essentials PLUS scheme is a more robust certification, which required an independent assessment of our security controls.
The Cyber Essentials scheme is a government-backed scheme, focusing on the most common internet-based threats to cyber security. The scheme considers these threats to be hacking, phishing and password guessing. The scheme also helps our organisation to protect the confidentiality and integrity of data stored on devices that connect to the internet, including, desktop and laptop PCs, tablets and smartphones and all hardware and networking equipment.
As a healthcare technology business, we take all matters of cyber and data security very seriously. We recognise that our customers must have complete faith and confidence in us to provide systems that are robust and secure. The Cyber Essentials Plus accreditation process allows us to demonstrate that our organisation is fully aligned with this aim.