Data security and information governance
Our Commitment to Data Security and Information Governance
The Small Area Health Statistics Unit (SAHSU) has achieved ISO 27001:2013 certification from April 2019, in recognition of its best-practice Information Security Management System (ISMS) and also for satisfying compliance criteria and demonstrating a systematic approach to managing its research systems, handling personal and sensitive information and associated risks. As of April 2022, we have renewed our certification as an extension under the main licence of the Imperial College Secure Network.
SAHSU supports high standards in security and has a continual commitment to information governance and safeguarding its research systems, data and information assets.
ISO 27001 has helped in identifying possible threats, recommending a range of information security controls and other risk-treatment initiatives, which underpins SAHSU’s focus on continual improvement to ensure risk treatments continue to meet its information security needs.
Our ISMS is integrated with our processes, systems, and practices. We use a range of privacy-enhancing technologies, comprising people, processes and IT systems, physical security measures, data sharing agreements, data protection impact assessments and audit measures, to manage our data and information assets and keep them secure.
SAHSU ISO Certificate (PDF): 16170-ISMS-002
Our Information Security Management System (ISMS) is certified to ISO 27001:2013 by Alcumus ISOQAR. Obtaining a certificate from a third-party certification body demonstrates that we have addressed, implemented and controlled the security of our research systems.
The ISO 27001:2013 certification provides assurance to our stakeholders that the data and information assets entrusted to us for our research programme are handled according to rigorous standards ensuring confidentiality, integrity and availability.
Regular audits and independent assessments help us maintain compliance with the standard and provide assurance to all our stakeholders, within the evolving legal and regulatory environment, that information security plays an integral part in our research programme and is always built into it.
NHS Data Security and Protection Toolkit - (ODS Code: 8J048)
In addition to ISO 27001:2013, we use the NHS Data Security and Protection Toolkit (DSPT) Assessment to measure and publish our performance against the National Data Guardian's data security standards. The NHS Digital Data Security Centre has reviewed our most recent assessment and is able to provide data security assurance to our stakeholders.
Data Protection, Regulatory and Legal Compliance
SAHSU’s compliance with ISO 27001 demonstrates that we have a robust governance framework for information management: one that manages known risks and uses processes that detect new risks so that we can act proactively before they cause issues.
We ensure compliance with data protection and other legal requirements, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.