Information Governance

We have 10 years' experience of supplying web-based systems that contain patient identifiable data to the NHS.
Our first priority is the security of that patient data. It overrides all other concerns in our role as a "Data Processor".
Here is the list of measures that we take to ensure that your data remains safe and that only those with the appropriate authorisation can gain access:
The server farm that delivers our systems to the NHS is located in a Tier 4 Secured Data Centre built in 2011 near our offices in Hampshire.
Our systems do not utilise any form of “Cloud” technology so no data will ever be stored in any other facility and never outside of the UK.
Only trained Blueteq staff have access to the server farm where the system is housed. Access to it is gained using a combination of a person-specific ID card and fingerprint biometric scanning.
The authentication protocol contained in the system enforces password renewal every 90 days, strong passwords, and account lockout on 5 unsuccessful logins. All login attempts are logged, successful or otherwise.
The system is delivered over Secure Sockets Layer (SSL), which establishes an encrypted link between our servers and the client PC. The link is secured using 256-bit AES encryption.
The system is subject to a rigorous on-site/off-site backup routine to ensure data is not lost in the event of a disaster.
The system undergoes an annual Security Penetration Test carried out by a CREST-qualified Security Consultant using the Common Vulnerability Scoring System (CVSS version 2). This was passed and the last test summary stated that “External Access could not be gained to the system at either the infrastructure or the application level.” In other words, the test confirms that the system is secured from all current forms of external attack or “hacking”.
When working with the NHS, Blueteq has to undertake an audit of its activities relating to its security procedures, and this is reported to the NHS Information Governance Tool Kit (https://www.igt.hscic.gov.uk/). The results of this audit are available for inspection on this website under the Reports section: select Organisation Type “Commercial Third Party Supplier” and enter "8HR52" in the "Look for" field. We achieved a score of 98% in our last audit against these rigorous standards.
Blueteq is registered with the Information Commissioner's Office for the purposes of the Data Protection Act. Our ICO registration number is Z2946230. Our entry can be inspected at https://ico.org.uk/esdwebpages/search.
All staff follow strict security protocols when supporting systems containing patient identifiable data and are updated when processes are reviewed to maintain best practice. All employment contracts contain a section on their responsibilities regarding the security of patient data.
This Privacy Statement relates to Blueteq Ltd's activities as a Data Controller and lays down its responsibilities for the protection of the data of its staff and customers.
One More Question?

If you have any further questions relating to our Information Governance processes or the security of our systems, please feel free to get in touch.

