Toolkits 11th August 2022

Why information security management is important for your care service

By Sarah Jenkins

When selecting a new digital care planning platform, information security should be a key consideration in making sure the platform is suitable and secure for your care service. From GDPR requirements for data processing and controlling, data backups and who can access data, to accreditations such as ISO and Cyber Essentials Plus, there are a host of things to consider when using a new platform. We’ve put together this guide to help you make sense of it all and to explain how Nourish goes above and beyond to ensure data in the system is protected to the highest level.

GDPR: the underpinning of data security

The General Data Protection Regulation (GDPR) is embedded in everything we do at Nourish, and we continually review and improve our processes to ensure best practice and compliance with the regulation. This includes vetting suppliers for their own data practices, data sharing agreements with integration partners, Data Protection Impact Assessments and improving data security for our customers in every way we can. Nourish’s compliance with GDPR is monitored and audited as part of the certifications below.

ISO 27001:2022 Information Security Management Systems – an internationally recognised standard of data security

In 2019, Nourish became one of the first digital care planning providers to implement and obtain a UKAS accredited ISO 27001 certification. In November 2023, Nourish transitioned to the latest 2022 version of the standard, giving confidence to all our current and potential customers that we have the latest and best processes in place to protect information across our entire organisation.

ISO 27001:2022 provides organisations with a framework and controls to protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System (ISMS). This accreditation underpins our security at Nourish, with annual external audits, monthly training sessions, regular meetings to discuss ISMS issues and managerial buy-in to the processes ensuring our continuous improvement of security. The requirements for accreditation are stringent and based on three security principles:

  • Confidentiality – ensuring that information remains confidential is a key priority in everything we do. 
  • Integrity – the data we hold must be accurate. This is vital in ensuring we can help our customers to provide the best care to those they support in the platform.
  • Availability – information is only able to help in providing care when available to the customer. 

Nourish achieves these three principles by implementing the 93 controls, across organisational, people, physical and technical themes, that make up the latest standard, ensuring that Nourish has thoroughly considered risks and has treatment plans in place to mitigate them.

Implementing a certified information management system such as ISO 27001:2022 has enabled Nourish to work in the safest and most efficient way.

Cyber Essentials Plus: protection against online threats

As a company providing software, cyber security is often a topic of conversation. How do we protect ourselves further? Can we make improvements? What is new that we need to protect against?

Nourish has achieved and maintains the Cyber Essentials Plus certification, adding to our data security certifications, which work alongside our ISO 27001:2022 certified Information Security Management System. This ensures the safety and security of all data at Nourish and helps prevent us from being an easy target for hacking or phishing schemes. To find out more about what you can do to protect your care service from phishing emails, read our blog here.

Cyber Essentials is a government-backed scheme aimed at preventing attacks from the outside. Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme; it includes a thorough exploration of security systems, with experts carrying out vulnerability tests on an annual basis.

Gaining the Cyber Essentials Plus certification is a key part of being able to offer our customers, partners and suppliers complete confidence in our ability to handle their data and keep it secure.

Data backups: keeping your data safe

Holding data requires storage, and Nourish backs up data continuously to a cloud-based system. Nourish does not use onsite data stores, and all cloud-provided solutions are backed up automatically and built into our disaster recovery plan and testing.

Continuously improving processes

The accreditations above are just some of the ways Nourish ensures sensitive information and personal records are kept secure and protected, and they allow us to stay on top of data protection and information security.

Nourish continuously improves its data and cyber security to keep ahead of security improvements and recommendations and to limit the chance of breaches or attack. Our main aim is to keep all data safe, accurate and available at all times.

To find out more about information security management and our digital care management platform – click here to book a demo
