Data security and information governance
Our commitment to Data Security and Information Governance
The Small Area Health Statistics Unit (SAHSU) received ISO 27001:2013 certification in April 2019. In April 2022, we renewed our certification as an extension under the Imperial College Secure Network licence. The certification recognises that we have successfully demonstrated our commitment to good practices in information management security.
Our commitment to safeguarding our research systems, data, and information assets includes people, processes, IT systems, physical security measures and data protection impact assessments.
SAHSU ISO Certificate (PDF): 16170-ISMS-002
Our Information Security Management System (ISMS) is certified to ISO 27001:2013 by Alcumus ISOQAR. Obtaining a certificate from a third party certification body demonstrates that we have addressed, implemented and controlled the security of our research systems.
Through ISO 27001:2013 certification, we offer assurance to our stakeholders that the data and information assets entrusted to us for our research programme are managed in accordance with rigorous standards that ensure confidentiality, integrity and availability.
Our regular audits and independent assessments help us to maintain compliance with standards while also ensuring that our research programme is always compliant with legal and regulatory requirements.
NHS Data Security and Protection Toolkit - (ODS Code: 8J048)
In addition to ISO 27001:2013 certification, we use the NHS Data Security and Protection Toolkit (DSPT) assessment to measure and publish our performance against the National Data Guardian's data security standards. The NHS DSPT Data Security Centre reviews our assessment annually to provide our stakeholders with data security assurance.
Data Protection, Regulatory and Legal Compliance
Implementing ISO 27001:2013 standards has given us the methodology to comply with ever-evolving laws, regulations, and contractual requirements related to information security.
Among other data protection and legal requirements, we ensure compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We adhere to the Caldicott Principles to ensure that our research data are kept confidential and used appropriately.