Data Security & Compliance
Security on all our systems and processes
Accreditations and frameworks: Cyber Essentials Plus, Data Security & Protection Toolkit, G-Cloud 14
Blueteq Hardware & Software Architecture Explained.
This video explains how the Blueteq systems are hosted and delivered from a secure data centre near our offices in Hampshire.
Data Security and Protection
We have nearly 20 years' experience of supplying web-based systems that contain patient identifiable data to the NHS. Our first priority is the security of that patient data; it overrides all other concerns in our role as a "Data Processor". Below is the list of measures we take to ensure that your data remains safe and that only those with the appropriate authorisation can gain access.
Blueteq has attained both Cyber Essentials and Cyber Essentials Plus accreditation.
Blueteq carries out an annual self-assessment against the Data Security and Protection (DSP) Toolkit and exceeds all standards. The published results are available for inspection at https://www.dsptoolkit.nhs.uk/OrganisationSearch by searching for our organisation code, "8HR52".
The system's authentication controls enforce password renewal every 90 days and strong passwords, lock an account after 5 unsuccessful login attempts, and log every login attempt, successful or otherwise.
Blueteq is registered with the Information Commissioner's Office (ICO) for the purposes of the Data Protection Act. Our ICO registration number is Z2946230, and our entry can be inspected at https://ico.org.uk/esdwebpages/search. The registration covers the following categories of data:
- Personal Identifiable Data
- Sensitive Personal Data
- Employee data
- Financial data
- IT Systems security data
Our data hosting provision is located in a Tier 4 secure data centre near our offices in Hampshire, UK. No data is stored outside the UK. The data centre holds current ISO 27001 certification.
Our client systems are delivered over HTTPS as standard. The server requires TLS 1.2 as a minimum for the handshake that establishes the encrypted link between our servers and the client PC (TLS 1.0 and 1.1 are disabled), and the session is then protected with AES 256-bit encryption.
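The TLS posture described above (TLS 1.2 minimum, TLS 1.0/1.1 refused, AES-256 bulk cipher) is something a customer can both configure and verify. The following is an added example using Python's standard ssl module; it is not Blueteq's code or configuration. The cipher suite names and the placeholder host name are assumptions, and the weak context exists only to show what the audit flags.

```python
"""Enforce and audit a server TLS policy: TLS 1.2 minimum, TLS 1.0/1.1 refused,
AES-256-GCM as the only TLS 1.2 bulk cipher. Added example, not Blueteq's code.
Cipher names and the placeholder host are assumptions."""
from __future__ import annotations

import socket
import ssl

# TLS 1.2 suites permitted on the server: ECDHE key exchange, AES-256-GCM only.
# TLS 1.3 suites are managed separately by OpenSSL and remain enabled.
HARDENED_CIPHERS = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
# A weaker list for contrast: AES-256 in CBC mode with HMAC-SHA384 (not AEAD).
WEAK_CIPHERS = "ECDHE-RSA-AES256-SHA384"


def hardened_server_context() -> ssl.SSLContext:
    """Server context that refuses anything below TLS 1.2 and non-AES-256-GCM suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.0 / 1.1 handshakes fail
    ctx.set_ciphers(HARDENED_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION
    # In a real deployment: ctx.load_cert_chain("server.pem", "server.key")
    return ctx


def weak_server_context() -> ssl.SSLContext:
    """Same version floor, but with a CBC-mode suite enabled; audit_context() flags it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(WEAK_CIPHERS)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings where the context falls short of the stated policy (empty = compliant)."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version is {ctx.minimum_version.name}")
    for c in ctx.get_ciphers():
        if c["protocol"] not in ("TLSv1.2", "TLSv1.3"):
            findings.append(f"{c['name']} negotiable under {c['protocol']}")
        if not c["aead"]:
            findings.append(f"{c['name']} is not an AEAD suite")
        if c["protocol"] == "TLSv1.2" and c["symmetric"] != "aes-256-gcm":
            findings.append(f"{c['name']} uses {c['symmetric']}, not AES-256-GCM")
    return findings


def tls12_symmetric_ciphers(ctx: ssl.SSLContext) -> set[str]:
    """Bulk ciphers reachable over TLS 1.2 (TLS 1.3 suites are listed with their own protocol)."""
    return {c["symmetric"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"}


def probe_legacy_version(host: str, version: ssl.TLSVersion, port: int = 443) -> str:
    """Offer only `version` to a live server; a hardened server must refuse it.

    Returns "refused", "accepted", or "unsupported-locally" when the local
    OpenSSL will not even build a TLS 1.0 / 1.1 client context.
    """
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE   # only the protocol version is under test here
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "unsupported-locally"
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "accepted" if tls.version() else "refused"
    except OSError:   # ssl.SSLError, connection reset and timeouts are all OSError
        return "refused"


if __name__ == "__main__":
    print("hardened findings:", audit_context(hardened_server_context()))
    print("weak findings:", audit_context(weak_server_context()))
    # Against a live host (placeholder name, assumed):
    # for v in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1):
    #     print(v.name, probe_legacy_version("app.example.com", v))
```

The offline audit checks the configuration as OpenSSL actually interprets it (via `get_ciphers()`), which catches the common mistake of believing a cipher string does more than it does; the network probe is the check a customer would run against the live endpoint to confirm that TLS 1.0 and 1.1 are genuinely refused rather than merely documented as disabled.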
All client data at rest is encrypted using Transparent Data Encryption (TDE).
The system is subject to a rigorous on-site and off-site backup routine so that data is not lost and can be restored in the event of a disaster.
All software and operating systems associated with the solution and its network environment are kept at the latest security patch levels, with patches applied within 14 days of release.
Our systems undergo an annual security penetration test (application and network), carried out by a CREST-qualified security consultant.
Our resilient multi-firewall solution protects the systems against:
- Denial of service attacks
- Malicious probes
All of our systems support multi-factor authentication using either Microsoft Authenticator or Google Authenticator. If a user has no access to these apps, email-based verification can be used instead.
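The login controls described on this page (password renewal every 90 days, lockout after 5 failed attempts, logging of every attempt, and an authenticator-app second factor) fit together in one login flow. The block below is an added example of such a flow, not Blueteq's code: the account record, sample credentials and the RFC 6238 test-vector secret are constructed for illustration, and the email fallback is not implemented. Microsoft and Google Authenticator both generate RFC 6238 TOTP codes (HMAC-SHA1, 30-second steps, 6 digits), which is what `totp()` computes.

```python
"""Login flow with lockout, attempt logging, password age and TOTP second factor.
Added example, not Blueteq's code; account data below is constructed."""
from __future__ import annotations

import hashlib
import hmac
import logging
import struct
import time
from dataclasses import dataclass

log = logging.getLogger("auth")
MAX_FAILURES = 5                  # lock the account on the 5th consecutive failure
PASSWORD_MAX_AGE = 90 * 86400     # force a password change after 90 days
TOTP_STEP = 30                    # authenticator-app default time step, seconds


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes        # PBKDF2-HMAC-SHA256 of the password
    pw_set_at: float      # epoch seconds when the password was last changed
    totp_secret: bytes    # shared secret enrolled in the authenticator app
    failures: int = 0
    locked: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def totp(secret: bytes, at: float, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 code for time `at`: HMAC-SHA1 over the step counter, dynamic truncation."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: float, skew: int = 1) -> bool:
    """Accept the current step plus `skew` steps either side to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, at + i * TOTP_STEP), code)
               for i in range(-skew, skew + 1))


def _record_failure(acct: Account, reason: str) -> str:
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        acct.locked = True
    log.warning("login user=%s result=%s failures=%d locked=%s",
                acct.username, reason, acct.failures, acct.locked)
    return "locked" if acct.locked else reason


def login(acct: Account, password: str, code: str, now: float | None = None) -> str:
    """Return an outcome string; every attempt, successful or not, is logged."""
    now = time.time() if now is None else now
    if acct.locked:
        log.warning("login user=%s result=locked", acct.username)
        return "locked"
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return _record_failure(acct, "bad-password")
    if not verify_totp(acct.totp_secret, code, now):
        return _record_failure(acct, "bad-code")
    acct.failures = 0
    if now - acct.pw_set_at > PASSWORD_MAX_AGE:
        log.info("login user=%s result=password-expired", acct.username)
        return "password-expired"    # both factors passed, but a new password is required
    log.info("login user=%s result=ok", acct.username)
    return "ok"


def demo() -> list[str]:
    """Constructed walk-through: failures to lockout, admin unlock, bad code, success, expiry."""
    secret = b"12345678901234567890"          # RFC 6238 test-vector secret (assumed for demo)
    salt = b"constructed-salt"
    now = 1_700_000_000.0
    acct = Account("jsmith", salt, hash_password("correct horse", salt),
                   now - 10 * 86400, secret)
    outcomes = [login(acct, "wrong", totp(secret, now), now) for _ in range(MAX_FAILURES)]
    outcomes.append(login(acct, "correct horse", totp(secret, now), now))  # still locked
    acct.locked, acct.failures = False, 0                                    # admin unlock
    outcomes.append(login(acct, "correct horse", "00000", now))             # wrong length code
    outcomes.append(login(acct, "correct horse", totp(secret, now), now))
    acct.pw_set_at = now - 91 * 86400                                        # password now stale
    outcomes.append(login(acct, "correct horse", totp(secret, now), now))
    return outcomes


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")
    print(demo())
```

Two details matter in practice: the correct password does not reset the failure counter until the second factor also passes, so an attacker who has the password but not the device still runs into the lockout, and the counter resets only on a fully successful login. The log lines carry the same fields for success and failure so that a SIEM rule can alert on the failure-to-lockout sequence without special-casing either path.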
All staff follow strict security protocols when supporting systems containing patient identifiable data, and are briefed on changes whenever processes are reviewed to maintain best practice. All employment contracts contain a section on staff responsibilities regarding the security of patient data.
This Privacy Statement relates to Blueteq Ltd's activities as a Data Controller and lays down its responsibilities for the protection of the data of its staff and customers.