( read )

This is IG & we care

Topics: Building a solution

Data security and information governance (IG) may sound like a yawn-inducing topic to some but for a health tech company like us, it remains at the core of all our tech. When designing and reiterating our product, IG is a strict consideration from the very beginning.

Our product team are trained in clinical safety and we have a data protection officer who, together with the founders, ensures everyone at DrDoctor understands the undeniable responsibility that exists around data. In this way, risk is always managed proactively, and our data is always secure.

We use Microsoft Azure to manage our data as they have world-class security over their infrastructure. Using Azure has given us the right tools to build our product in the most secure way. They monitor our development in a constant feedback loop, and alert us immediately if anything looks suspicious. Microsoft Azure also provide us with an official security best practice score; this score updates every time we deploy new versions, and every time they update new security features. This way we can constantly monitor that our infrastructure is adhering to the latest industry best practice.

We challenge ourselves annually by Cyber Essentials Plus who test and certify our security levels and ensure we keep up with the high standards we set ourselves (and to strengthen security further).

We are also active members of the Cyber Security Information Sharing Partnership (CiSP), run by GCHQ’s National Cyber Security Centre. This is a private group of industry and government bodies which exchanges cyber threat information in real time. This gives us early warning of cyber threats, allows us to learn from the experience of others and improves our ability to protect the company network.

Taj Sallamuddin, the DrDoctor Data Protection Officer says:

At DrDoctor, we know, understand and appreciate the importance of robust data management. Through having appropriate policies, procedures and technical controls, or otherwise known as “IG”, we ensure there are necessary checks and balances in place to uphold lawful use and security of data.

IG is understandably a main concern for the NHS when it comes to approving and supporting innovation. We completely agree and share this priority with our NHS partners. Furthermore, we would like to take on the responsibility of ensuring critical NHS data remains secure, safe and protected, so that our healthcare partners can focus on their very important job of looking after patients.

You can read more on our attitude to data protection on our founder & CTO Perran’s blog on How not to screw up GDPR.