CongenicaLtd,WellcomeGenomeCampus,Hinxton,Cambridge,CB101RQ,UK

www.congenica.com,info@congenica.comRegisteredinEngland&Wales,CompanyNo.8273616

Registeredofficeaddress:MerlinPlace,MiltonRoad,Cambridge,CB40DP

SecurityandComplianceUpdateDecember2015

ThesecurityofcustomerdataandtheregulatorycomplianceofoursystemsareofparamountimportancetoCongenica.Thisbriefsummaryprovidesanoverviewofoursecurityandcompliancesystems.WeareISO27001:2013certified

ISO27001("InformationSecurityManagement")providesrequirementsforestablishing,implementing,maintainingandimprovinganinformationsecuritymanagementsystem(ISMS).Organisationsthatmeetthestandardmaygainofficialcertificationissuedbyanindependentandaccreditedcertificationbodyonsuccessfulcompletionofaformalauditprocess. Specifically,theISOstandardexamines:• Information,operationalandphysicalsecurity• HumanResources• Assetmanagement• Howthecompanycontrolsaccesstobusinessdevelopments• Howthecompanydealswithincidentsanddisasterrecovery• Howthecompanycommunicatesandtransfersdatawithinitsselfandexternally• Ensuringcompliancewithallrelevantlawsandregulations

WearecompliantwiththeInformationGovernanceToolkit

InformationGovernance (IG)dealswith thewayCongenicaprocessesorhandles information, specificallypersonal information relating to patients, employees and to the company. Completion of assessment(attainment levels 2-3) demonstrates that Congenica can be trusted tomaintain the confidentiality andsecurity of personal information. It draws together legal ruling such as the Data Protection Act andguidance from the Department of Health and presents them as a single standard as a set of IGrequirements.Assessmentisagainstrequirementsfor:• Managementstructuresandresponsibilities• Dataprotectionandconfidentiality• Informationsecurity

WeareregisteredwiththeInformationCommissioner’sOffice(ICO)

The ICO is the UK’s independent authority set up touphold information rights in the public interest,promotingopennessbypublicbodiesanddataprivacyforindividuals.

CongenicaLtd,WellcomeGenomeCampus,Hinxton,Cambridge,CB101RQ,UK

www.congenica.com,info@congenica.comRegisteredinEngland&Wales,CompanyNo.8273616

Registeredofficeaddress:MerlinPlace,MiltonRoad,Cambridge,CB40DP

CustomerData

ToenableCongenicatodeliverarobustserviceweensurethat:• Customerdataisencryptedatalltimes,bothintransitandatrest• Ourstoragesolutionsaresecure,reliableandscalable• Ourinfrastructuretosupportwebservicesarefitforpurpose

All of the services we use have the highest levels of physical and virtual security, and are listed asrecommended suppliers on the UK Government’s Digital Marketplace. The services on the DigitalMarketplacearealreadyontheG-Cloud,DigitalServicesorCrownHostingDataCentresframework.

Regulatory requirements are based on the high levels of data security specified in NHS England’s DataProtectionPolicy. NHSEngland is fullycompliantwiththeprinciplesof theDataProtectionAct includingthatpersonaldatashallnotbetransferredoutsideoftheEuropeanEconomicAreaunlessthereisadequateprotection.WhenworkingwithcustomersoutsidetheUK,weensurethatdatahandlingiscompliantwithlocalregulatoryrequirements.

Toensurethatwemaintainthehighestlevelsofsecurityforourcustomer’sdata,wecontinuallyreviewourservices to address best practices across the industry, and evaluate the performance of our existingprovisionsagainstothersolutionsavailableinthemarketplace.We have a full-time Quality Assurance and Regulatory Affairs Manager who oversees all of theseprocedures and maintains company documentation and training as well as ensuring that Congenicacontinuestoadheretoallcurrentstandardsandregulations.Forfurtherinformationpleasecontactusatinfo@congenica.com