Keeping healthcare systems safe

All aspects of our assured cloud platform — from security and service management to sustainability — are underpinned by a comprehensive compliance framework that governs our people, processes, premises and technology to keep your systems safe, in line with the NHS Data Security & Protection Toolkit.

With infrastructure located in secure UK data centres, our services are protected by our specialist cyber security operations centre and assessed against recognised international standards that require regular audits, assessments and inspections by certification bodies, regulators and accreditors.

Independent certifications

We operate our platform in accordance with industry best practices and have achieved numerous independent certifications.

Key standards for healthcare

When planning new digital solutions within the healthcare sector, there are three important standards to consider regarding security, access, permissions and controls.
  • Minimum Cyber Security Standard
  • Digital, Data and Technology Standards
  • Data Security & Protection Toolkit (DSPT)
  • Key Standards and Guidance for Healthcare

  • Data Governance in the Healthcare Sector

    We have developed and implemented a comprehensive information security and data protection framework which provides our healthcare customers and partners with credible assurance material.

  • The Data Security and Protection Toolkit

    The National Data Guardian, Dame Fiona Caldicott, has compiled and recommended a framework which will be applicable to all health and care organisations.

    The Data Security and Protection Toolkit (DSPT)
  • Heritage of Government Accreditation

    We have unparalleled heritage working with NHS Digital (and previously HSCIC) as well as the National Cyber Security Centre (NCSC, previously CESG), and we maintain the people, process, premises and technology controls that enabled our platform to be one of the few to have achieved Pan Government Accreditation to IL3 (IL4 by aggregation) and to connect natively to the Health and Social Care Network (HSCN).

    We are fully aligned with the NCSC Cloud Security Principles and the Data Security & Protection Toolkit (DSPT) – and provide transparency of our security operations that are designed to meet the needs of even the most stringent accreditors and Chief Information Security Officers (CISO/SIRO).

    Our services have been externally validated by various UK Government accreditors and assessors, including the National Cyber Security Centre (NCSC), the Home Office (PASF), NHS and MoD.

    Approved NHS Procurement Frameworks

    We have long been a Crown Commercial Services approved supplier to the G-Cloud Framework (from inception) and have specifically developed our terms and conditions to be wholly compliant with public sector procurement practices. We’ve gained approval to provide our services via a number of other public sector procurement frameworks, including: NHS SBS Cloud Solutions Framework, Technology Services 2, Digital Outcomes & Specialists 4, Data & Application Solutions, Scottish Government Cloud Services Framework, YPO Data Centres & Cloud Hosting Framework and YPO Technology Hardware & Software.

    Information Security & Governance

    We take information security seriously and ensure our people, processes, premises and technologies are governed for compliance.
  • Information Security Management (ISO27001)
  • Security Controls for Cloud Services (ISO27017)
  • Personal Data in the Cloud Security (ISO27018)
  • Cyber Essentials Plus
  • HIPAA Compliant
  • General Data Protection Regulation (GDPR)

    The UK Data Protection Act 2018 (incorporating the requirements of the EU General Data Protection Regulation 2016/679 “GDPR”) replaced the previous Data Protection Act 1998 from 25th May 2018. This new legislative framework represents a significantly more comprehensive approach to the protection of personal data, harmonising the data protection rights for individuals throughout the European Union and aligning existing regulatory controls across each country.

    Our approach to GDPR compliance builds on our mature and proven approach to risk management and compliance. All our services are regularly risk assessed and we’ve completed detailed Data Protection Impact Assessments (DPIA) as required by Article 35 of GDPR. We’ve long had our own formally certified Data Protection Officer who is responsible for maintaining our status as a demonstrably compliant Service Provider – including overseeing our regular independent IT Security Health Checks in line with GDPR Article 25. And we provide a GDPR Evidence Pack which gives you assurance that UKCloud is ‘demonstrably compliant’.

    Sustainable cloud services

    Our services are certified CarbonNeutral® Cloud Services. To maintain our certified CarbonNeutral® status, we work with Natural Capital Partners, a world-leading provider of carbon reduction solutions, to measure and reduce our carbon footprint to net zero. This approach demonstrates UKCloud’s commitment to the pro-active management and effective control of the environmental impact of all our business activities.

    UKCloud Health customers receive a monthly carbon offset certificate, which confirms that an independent greenhouse gas assessment has been conducted and that the carbon emissions resulting from their consumption of UKCloud Health services have been reduced to net zero by us through verified, high-quality carbon credits, at no extra cost to the customer.

    Our customers can use these certificates to provide evidence of adoption of environmental best practices. In addition, the carbon offset itself can support customers as they strive to achieve their greening ICT commitment to reduce greenhouse gas emissions by 25%.


    A comprehensive compliance framework which encompasses quality and IT service management
    Quality Management (ISO9001)

    Our established Quality Management System, certified to ISO9001, delivers robust, effective policies and processes, enabling all parts of the organisation to function efficiently and in a controlled manner.

    We are committed to understanding each customer’s requirements, delivering their agreed solutions on time and to budget, and ensuring their expectations are exceeded, so that we can report the highest levels of customer satisfaction (as regularly measured by our Net Promoter Score).

    IT Service Management (ISO20000)

    We believe that the IT Infrastructure Library (ITIL) represents best practices in the field of IT Service Management, and have aligned our service management processes with the ITIL v3 process framework.

    Our customers can be assured that their contact will be with experienced individuals who have a thorough understanding of our ITIL-aligned processes. Many of our employees are ITIL certified to either Practitioner or Expert level.

    We’re here to help

    1. We talk the language of data privacy and information assurance.

    2. We have a dedicated team of experts with the necessary skills to help you.

    3. We help you understand our approach to assurance and how to achieve information governance quickly and efficiently.