Keeping Healthcare Systems Safe

Your data. Protected.

All aspects of our assured cloud platform — from security and service management to sustainability — are underpinned by a comprehensive compliance framework that governs our people, processes, premises and technology to keep your systems safe.

Heritage of Government Accreditation

We work with NHS Digital and the National Cyber Security Centre to ensure the people, processes, premises and technology controls we’ve implemented as part of our service, continue to allow UKCloud Health to achieve Pan Government Accreditation to IL3 (IL4 by aggregation) and to maintain connectivity to the Health and Social Care Network (HSCN).

We are fully aligned with the NCSC Cloud Security Principles and the Data Security & Protection Toolkit (DSPT) – and provide complete transparency to our security operations through accreditors and our Chief Information Security Officers.

Approved NHS Procurement Frameworks

We have long been a Crown Commercial Services approved supplier to the G-Cloud Framework and have specifically developed our terms and conditions to be wholly compliant with public sector procurement practices. We’ve gained approval to provide our services via a number of other public sector procurement frameworks including; NHS SBS Cloud Solutions Framework, Technology Services 2, Digital Outcomes & Specialists 4, Data & Application Solutions, Scottish Government Cloud Services Framework, YPO Data Centres & Cloud Hosting Framework and YPO Technology Hardware & Software.

Key Standards for Healthcare

Minimum Cyber Security Standard

The Minimum Cyber Security Standard (MCSS) was published in June 2018 as the new minimum set of cybersecurity standards that the government expects its departments to adhere to, and exceed wherever possible.

This standard also applies to any third-party supplier that provides services to a department and, as part of the process of following the MCSS, customers need to identify which standards are required to be evidenced by their supply chain.

Digital, Data and Technology Standards

The NHS digital, data and technology standards framework, which is currently in draft format, describes the new expectations around the use of data, interoperability, and design standards within the NHS.

This has an impact across all NHS organisations and within the supplier community to strive to achieve these more demanding standards. UKCloud Health always takes a proactive approach to data security and we have reviewed our services keeping in mind the new draft standards published by NHS Digital.

Data Security & Protection Toolkit (DSPT)

The DSPT retains the general principle that organisations should demonstrate that they can be trusted with the confidentiality and security of personal information. It also supports organisations to meet the requirements of new legislation including the likes of the General Data Protection Regulation (GDPR) and Network and Information Systems (NIS) Directive.

Data Governance in the Healthcare Sector

We have developed and implemented a comprehensive information security and data protection framework which provides our healthcare customers and partners with credible assurance material.

The Data Security and Protection Toolkit

The National Data Guardian, Dame Fiona Caldicott, has compiled and recommended a framework which will be applicable to all health and care organisations.

INFORMATION SECURITY & GOVERNANCE

Quality Management (ISO9001)

Our established Quality Management System, certified to ISO9001, delivers robust, effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner.

We are committed to understanding each customer’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded, so that we can report the highest levels of customer satisfaction (as regularly measured by our Net Promotor Score).

IT Service Management (ISO20000)

We believe that the IT Infrastructure Library (ITIL) represents best practices in the field of IT Service Management, and have aligned our service management processes with the ITIL v3 process framework.

Our customers can be assured that their contact will be with experienced individuals who have a thorough understanding of our ITIL-aligned processes. Many of our employees are ITIL certified to either Practitioner or Expert level.

Information Security Management (ISO27001)

Protecting the confidentiality, integrity and availability of your data is of the utmost importance to us.

Our ISO27001-certified Information Security Management System (ISMS) is based on a robust framework of information security policies and procedures, aligned with the our Risk Assessment Methodology.

This methodology constantly assesses a wide variety of threats and vulnerabilities which may compromise information assets or the supporting assets on which they depend for their security.

Security Controls for Cloud Services (ISO27017)

ISO27017 builds on ISO27001 by providing a more focused approach to managing the risks associated with the selection and use of cloud computing environments, from the perspective of both the cloud provider and the cloud consumer.

We were one of the first organisations to achieve external certification against the ISO27017 standard.

Personal Data in the Cloud (ISO27018)

The ISO27018 standard provides a more focused approach to managing the risks associated with personal data within cloud environments. ISO27018-specific controls include the disclosure of the geographic location of personal data, processes for the notification of data disclosures and data breaches, requirements to disclose details of sub-contracted processing activities and regulations relating to a customer’s right to access and delete personal data.

We were one of the first organisations to achieve external certification against the ISO27018 standard.

Cyber Essentials Plus

Launched by the UK Government in 2014 to reduce cyber risks across all types of organisation, this important initiative helps to safeguard the country’s growing digital economy.

We have been assessed in five key control areas – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. The Plus level additionally requires thorough independent technical checks of UKCloud’s platforms and systems, and seeks to identify whether they could be compromised by a variety of different cyber-attack scenarios

See a full list of accreditations on our parent website

Governance

General Data Protection Regulation (GDPR)

Our approach to GDPR compliance builds on our mature and proven approach to risk management and compliance. All our services are regularly risk assessed and we’ve completed detailed Data Protection Impact Assessments (DPIA) as required by Article 35 of GDPR. We’ve long had our own formally certified Data Protection Officer who is responsible for maintaining our status as a demonstrably compliant Service Provider – including overseeing our regular independent IT Security Health Checks in line with GDPR Article 25. And we provide a GDPR Evidence Pack which gives you assurance that UKCloud is ‘demonstrably compliant’.

Sustainable cloud services

Our services are CarbonNeutral® certified. To achieve this status, we work with Natural Capital Partners, a world-leading provider of carbon reduction solutions, to measure and reduce our carbon footprint to net zero.

UKCloud Health customers receive monthly carbon offset certificates which confirms that an independent greenhouse gas assessment has been conducted, and that the carbon emissions which resulted from their consumption of UKCloudX services have been reduced to net zero. All at no extra cost to the customer.

To help personalise content, tailor and measure adverts, we use cookies. By clicking on or navigating the site, you agree to allow us to collect information through cookies. Learn more in our Privacy and Cookies policy.