Congenica Ltd, Wellcome Genome Campus, Hinxton, Cambridge, CB10 1RQ, UK
www.congenica.com, [email protected] & Wales, Company No. 8273616
Registered office address: Merlin Place, Milton Road, Cambridge, CB4 0DP
Security and Compliance Update December 2015
The security of customer data and the regulatory compliance of our systems are of paramount importance to Congenica. This brief summary provides an overview of our security and compliance systems.
We are ISO 27001:2013 certified
ISO 27001 ("Information Security Management") provides requirements for establishing, implementing, maintaining and improving an information security management system (ISMS). Organisations that meet the standard may gain official certification issued by an independent and accredited certification body on successful completion of a formal audit process. Specifically, the ISO standard examines:
• Information, operational and physical security
• Human Resources
• Asset management
• How the company controls access to business developments
• How the company deals with incidents and disaster recovery
• How the company communicates and transfers data within itself and externally
• Ensuring compliance with all relevant laws and regulations
We are compliant with the Information Governance Toolkit
Information Governance (IG) deals with the way Congenica processes or handles information, specifically personal information relating to patients, employees and to the company. Completion of assessment (attainment levels 2-3) demonstrates that Congenica can be trusted to maintain the confidentiality and security of personal information. It draws together legal rulings such as the Data Protection Act and guidance from the Department of Health and presents them in a single standard as a set of IG requirements. Assessment is against requirements for:
• Management structures and responsibilities
• Data protection and confidentiality
• Information security
We are registered with the Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
Customer Data
To enable Congenica to deliver a robust service we ensure that:
• Customer data is encrypted at all times, both in transit and at rest
• Our storage solutions are secure, reliable and scalable
• Our infrastructure to support web services is fit for purpose
All of the services we use have the highest levels of physical and virtual security, and are listed as recommended suppliers on the UK Government’s Digital Marketplace. The services on the Digital Marketplace are already on the G-Cloud, Digital Services or Crown Hosting Data Centres framework.
Regulatory requirements are based on the high levels of data security specified in NHS England’s Data Protection Policy. NHS England is fully compliant with the principles of the Data Protection Act, including that personal data shall not be transferred outside of the European Economic Area unless there is adequate protection. When working with customers outside the UK, we ensure that data handling is compliant with local regulatory requirements.
To ensure that we maintain the highest levels of security for our customers’ data, we continually review our services to address best practices across the industry, and evaluate the performance of our existing provisions against other solutions available in the marketplace.
We have a full-time Quality Assurance and Regulatory Affairs Manager who oversees all of these procedures and maintains company documentation and training, as well as ensuring that Congenica continues to adhere to all current standards and regulations.
For further information please contact us at info@congenica.com