Security

Our customers trust us with highly confidential and sensitive information: vital patient data, local government data and regulatory forms are just a few of the essential types of data our customers work with. We take that responsibility very seriously. Every year we invite some of the most gifted and devious penetration testers to try and break our technology and solutions. We’ve never failed. With full 256-bit AES encryption and native development that takes full advantage of its built-in security features – we’ve got you covered.

 

We take our security extremely seriously, so we invest in the most up-to-date security procedures possible. We are internationally recognised and externally certified to the ISO27001 standard and have been since October 2015. ISO27001 is the standard for the implementation and maintenance of an Information Security Management System (ISMS).

Because our customers trust us with their confidential and sensitive information, we make sure that our data protection is paramount. We are registered with the ICO (Information Commissioner’s Office) as a Data Processor and Controller, confirming that we adhere to the requirements and principles of the Data Protection Act. To date there have been no breaches requiring escalation to the ICO, nor have any issues warranted investigation or litigation.

Have you heard about the new requirements of the GDPR (General Data Protection Regulation)? We are on track and will be ready for the changes by the time it is fully enforced in May 2018.

 

When it comes to the NHS and patients, we work closely with our customers to ensure that they have the tools they need to do more of the work that matters. Our job is to protect that work. We operate within strict guidelines and ensure our compliance is up to standard.

  • NHS Information Governance – The NHS Information Governance framework outlines how personal sensitive health data should be protected in terms of logical, physical, procedural and personnel controls. Totalmobile comply with the framework as a third-party supplier to the NHS.
  • We submit annual assessments to ensure ongoing adherence to the framework requirements. Our last submission was rated as Level 3 in all control areas, providing a 100% compliance score.
  • As an extension of our IG compliance, in combination with our other security certifications, we are registered with NHS Digital for IGSoC and the more recent HSCN Connection Agreement to NHS systems.
  • SCCI0129 Clinical Risk Management – The NHS Digital standard governing clinical risk assessment and management with regard to the development and implementation of health systems. Compliance with this standard requires review and sign-off from a qualified clinician.
  • The application of the standard involves consideration of system design, features and accompanying development, deployment and support activities within the context of mitigating identified clinical risk. Our compliance with the standard was confirmed and signed off in January 2016.