Data Security & Compliance

Security on all our systems and processes


Cyber Essentials Plus

Blueteq have obtained both the Cyber Essentials and Cyber Essentials Plus certification.

Data Security & Protection Toolkit

Blueteq has always filled out and attained DSP Toolkit accreditation.

G-Cloud 13

Blueteq NHS Software is listed on the G-Cloud 13 Government Digital Marketplace.

Blueteq Hardware & Software Architecture Explained.

This video explains how the Blueteq systems are hosted and delivered via a secure datacentre location near our offices in Hampshire.


Data Security and Protection

We have nearly 20 years' experience of supplying web-based systems that contain patient identifiable data to the NHS. Our first priority is the security of that patient data. It overrides all other concerns in our role as a "Data Processor". Here is the list of the measures that we take to ensure that your data remains safe and that only those with the appropriate authorisation can gain access.

Blueteq have attained both the Cyber Essentials and Cyber Essentials Plus accreditation.

 

Blueteq carries out an annual audit using the DSP Toolkit and exceeds all standards (https://www.dsptoolkit.nhs.uk/OrganisationSearch). The results of this audit are available for inspection. Search for "8HR52".

The system's authentication enforces password renewal every 90 days, strong passwords, and account lockout on 5 unsuccessful logins. All login attempts are logged, successful or otherwise.

Blueteq is registered with the Information Commissioner's Office for the purposes of the Data Protection Act. Our ICO registration number is Z2946230. Our entry can be inspected at https://ico.org.uk/esdwebpages/search.

  1. Personal Identifiable Data
  2. Sensitive Personal Data
  3. Employee data
  4. Financial data
  5. IT Systems security data

Our data hosting provision is located in a Tier 4 Secured Data Centre near our offices in Hampshire, UK. No data is stored outside of the UK. The datacentre holds the current ISO 27001 certification.

Our client systems are delivered using HTTPS as standard. Connections use a minimum of TLS 1.2 for the handshake that establishes an encrypted link between our servers and the client PC (TLS 1.0 and 1.1 are disabled). The link is then secured using AES 256-bit encryption.

All client data at rest is encrypted using Transparent Data Encryption (TDE

The system is subject to a rigorous on-site/off-site backup routine to ensure data is not lost should disaster recovery be required.

All software and operating systems associated with the solution and its network environment are continually maintained to the latest security patch levels within 14 days of release.

Our systems undergo an annual Security Penetration Test (application and network), carried out by a CREST-qualified Security Consultant.

Our resilient multi-firewall solution protects the systems from:

  • Denial of service attacks
  • Malicious probes

All of our systems support Multi-Factor Authentication using either Microsoft or Google Authenticator. If the user has no access to these apps, email can be used for verification. 

All staff follow strict security protocols when supporting systems containing patient identifiable data and are updated when processes are reviewed to maintain best practice. All employment contracts contain a section on their responsibilities regarding the security of patient data.

This Privacy Statement relates to Blueteq Ltd's activities as a Data Controller and lays down its responsibilities for the protection of the data of its staff and customers.
