When selecting a new digital care planning platform, information security should be a key consideration for making sure the platform is suitable and secure for your care service. From GDPR requirements for data processing and controlling, data backups and who can access data, to accreditations such as ISO and Cyber Essentials Plus, there are a host of things to consider when using a new platform. We’ve put together this guide to help you make sense of it all and to explain how Nourish goes above and beyond to ensure data in the system is protected to the highest level.
GDPR: the underpinning of data security
The General Data Protection Regulation (GDPR) is embedded as part of everything we do at Nourish, and we continually review and improve our processes to ensure best practice and compliance with the regulation. This includes vetting suppliers for their own data practices, data sharing agreements with integration partners, Data Protection Impact Assessments and improving data security for our customers in every way we can. Nourish’s compliance with GDPR is monitored and audited as part of the certifications below.
ISO 27001:2022 Information Security Management Systems – an internationally recognised standard of data security
In 2019, Nourish became one of the first digital care planning providers to implement and obtain a UKAS-accredited ISO 27001 certification. In November 2023, Nourish transitioned to the latest 2022 version of the standard, giving confidence to all our current and potential customers that we have the latest and best processes in place to protect information across our entire organisation.
ISO 27001:2022 provides organisations with a framework and controls to protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System (ISMS). This accreditation underpins our security at Nourish, with annual external audits, monthly training sessions, regular meetings to discuss ISMS issues and managerial buy-in to the processes, to ensure our continuous improvement of security. The requirements for accreditation are stringent and based on three security principles:
- Confidentiality – ensuring that information remains confidential is a key priority in everything we do.
- Integrity – the data we hold must be accurate. This is vital in ensuring we can help our customers to provide the best care to those they support in the platform.
- Availability – information is only able to help in providing care when available to the customer.
Nourish achieves these three principles by implementing the 93 controls across the organisational, people, physical and technical themes that make up the latest standard, ensuring that Nourish has thoroughly considered risks and has treatment plans in place to mitigate them.
Implementing a certified information management system such as ISO 27001:2022 has enabled Nourish to work in the safest and most efficient way.
Cyber Essentials Plus: protection against online threats
As a company providing software, cyber security is often a topic for conversation. How do we protect ourselves further? Can we make improvements? What is new that we need to protect against?
Nourish has achieved and maintains the Cyber Essentials Plus certification, adding to our Data Security certifications which work alongside our ISO 27001:2022 certified Information Security Management System. This ensures the safety and security of all data at Nourish and helps to prevent us from being an easy target for hacking or phishing schemes. To find out more about what you can do to protect your care service from phishing emails, read our blog here.
Cyber Essentials is a government-backed scheme aimed at preventing attacks from the outside. Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme; it includes a thorough exploration of security systems, with experts carrying out vulnerability tests on an annual basis.
Gaining the Cyber Essentials Plus certification is a key part of being able to offer our customers, partners and suppliers complete confidence in our ability to handle their data and keep it secure.
Data backups: keeping your data safe
Holding data requires storage. Nourish backs up data continuously to a cloud-based system. Nourish does not use onsite data stores, and all cloud-provided solutions are backed up automatically and built into our disaster recovery plan and testing.
Continuously improving processes
The accreditations above are just some of the ways Nourish ensures sensitive information and personal records are kept secure and protected, and they allow us to stay on top of data protection and information security.
Nourish continuously improves its data and cyber security to keep ahead of security improvements and recommendations to limit the chance of breaches or attack. Our main aim is to keep all data safe, accurate and available at all times.
To find out more about information security management and our digital care management platform – click here to book a demo