Our customers trust us with highly confidential and sensitive information, vital patient data, local government data and regulatory forms are just a few of the essential data our customers work with. We take that responsibility very seriously. Every year we invite some of the most gifted and devious penetration testers to try and break our technology and solutions. We’ve never failed. With full 256 bit AES encryption and native development that takes full advantage of its built-in security features – we’ve got you covered.
We take our security extremely seriously, so we invest in the most up-to-date security procedures possible. We are internationally recognised and externally certified to ISO27001 Standard and have been since October 2015. It recognises the standard for the implementation and maintenance of an Information Security Management System (ISMS). We are also accredited to Cyber Essentials the UK government information assurance scheme operated by the National Cyber Security Centre (NCSC) that encourages organisations to adopt good practice in information security.
Because our customers trust us with their confidential and sensitive information, we make sure that our data protection is paramount, we are registered with the ICO (Information Commissioner’s Office) as a Data Processor and Controller – confirming that we adhere to the requirements and principles of the Data Protection Act. To date there has been no breaches requiring escalation to the ICO nor have any issues warranted investigation or litigation.
When it comes to the NHS and patients we work closely with our customers to ensure that they have the tools they need to do more of the work that matters. Our job is to protect that work. We operate within strict guidelines and ensure our compliance is up to standard.
- NHS Information Governance – The NHS Information Governance framework outlines how personal sensitive health data should be protected in terms of logical, physical, procedural and personnel controls. Totalmobile comply to the framework as a third-party supplier to the NHS.
- We submit annual assessments to ensure ongoing adherence to the framework requirements. Our last submission was rated as Level 3 in all control areas, providing a 100% compliance score.
- As an extension of our IG compliance, in combination with our other security certifications, we are registered with NHS Digital for IGSoC and the more recent HSCN Connection Agreement to NHS systems.
- SCCI0129 Clinical Risk Management – The NHS Digital standard governing clinical risk assessment and management with regards to the development and implementation of health systems. Compliance to this standard requires review and sign-off from a qualified clinician.
- The application of the standard involves consideration of system design, features and accompanying development, deployment and support activities within the context of mitigating identified clinical risk. Our compliance to the standard was confirmed and signed-off in 2019.