Data Security
At Be-Informed, data security is integral to our platform. We are committed to protecting patient and clinician information through robust technical safeguards, strict access controls, and alignment with recognised standards.
Technical Safeguards
We implement the following technical measures to ensure data protection:
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Secure Hosting: Data is stored on UK-based servers compliant with ISO 27001, NHS Digital standards, and GDPR.
- Penetration Testing: Regular independent testing ensures continued security and integrity.
- Backups: Secure, encrypted backups are taken regularly to prevent data loss.
Access and Audit Controls
Access to data is tightly controlled and monitored:
- Role-Based Access: Only authorised users can view or edit data, based on their role.
- Two-Factor Authentication: Required for all clinical users.
- Audit Trails: All access and actions are logged for full traceability.
Regulatory Compliance
We align our practices with national standards and ongoing certifications:
- Fully compliant with the UK GDPR
- Aligned with the NHS Data Security and Protection Toolkit
- Progressing toward Cyber Essentials Plus certification
Data Governance
Our data governance approach is rooted in privacy by design:
- Data Minimisation: We only collect what is necessary for clinical or operational use.
- No Unauthorised Sharing: Data is never shared with third parties without a legal basis or user consent.
- Caldicott Principles: All use of identifiable information is justified, necessary, and proportionate.
- User Rights: Users may request access to, correction of, or deletion of their data where appropriate.