Top Color:
Main Color:
Bottom Color:
Information Governance
Support / FAQ  >  Information Governance

Information Governance

We have 10 years experience of supplying web-based systems that contain patient identifiable data to the NHS.
Our first priority is the security of that patient data. It overrides all other concerns in our role as a "Data Processor".
Here is the list of the measures that we take to ensure that your data remains safe and only those with the appropriate authorisation can gain access.
Data Centre
The server farm that delivers our systems to the NHS is located in a Tier 4 Secured Data Centre built in 2011 near our offices in Hampshire.
No “Cloud” Delivery
Our systems do not utilise any form of “Cloud” technology so no data will ever be stored in any other facility and never outside of the UK.
Blueteq staff access only
Only trained Blueteq staff have access to the server farm where the system is housed. Access is gained to it using a combination of a person specific ID card and fingerprint biometric scanning.
Security Authentication and Audit
The authentication protocol contained in the system enforces password renewal every 90 days, strong passwords, account lockout on 5 unsuccessful logins, and all login attempts are logged, successful or otherwise.
System Encryption
The system is delivered using a Secure Socket Layer that establishes an encrypted link between our servers and the Client PC. The link is secured using the AES 256 bit encryption protocol.
System Data Protection
The system is subject to a rigorous on-site/off-site back up routine to ensure data is not lost in the event of disaster recovery.
Penetration Testing
the system undergoes an annual Security Penetration Test carried out by a CREST qualified Security Consultant using the Common Vulnerability Scoring System (CVSS version 2). This was passed and the last test summary stated that “External Access could not be gained to the system at either the infrastructure or the application level.” In other words, the test confirms that the system is secured from all current forms of external attack or “hacking”.
Information Governance Toolkit
when working with the NHS, Blueteq has to undertake an audit of its activities relating to its security procedures and this is reported to the NHS Information Governance Tool Kit (https://www.igt.hscic.gov.uk/). The results of this audit are available for inspection on this website under the Reports section – Organisation Type “Commercial Third Party Supplier” and "8HR52" in the Look for Field. We achieved a score of 98% in our last audit against these rigorous standard.
Data Protection Act Registration
Blueteq is registered with the Information Commissioners Office for the purposes of the Data Protection Act. Our ICO registration number is Z2946230. Our entry can be inspected at https://ico.org.uk/esdwebpages/search.
Blueteq Staff Security Training
All staff follow strict security protocols when supporting systems containing patient identifiable data and are updated when processes are reviewed to maintain best practice. All employment contracts contain a section on their responsibilities regarding the security of patient data.
Blueteq Privacy Statement
This Privacy Statement relates to Blueteq Ltd's activities as a Data Controller and lays down its responsibilities for the protection of the data of its staff and customers.
One More Question?

Please, if you have any further questions relating to our Information Governance processes or the security of our systems, please feel free to get in touch.


Get In Touch