Data security and confidentiality at HIC

On this page

HIC’s first priority is to address information governance, data security and confidentiality issues.

All services provided by HIC are delivered within an ISO 27001 certified secure environment to ensure data is managed safely and in compliance with Data Protection legislation.


The British Standards Institution

BSI ISOIEC 27001 logos, black and white, with a purple UKAS logo.

Information security management certified by The British Standards Institution

Download ISO 27001 certificate

Data Security and Protection Toolkit (DSPT)

HIC have successfully completed the essential DSPT assessment against the National Data Guardian’s 10 stringent data security standardT)

Organisation details

Key HIC security measures

IT Security

  • Network separation between data & data users.
  • Secure environments for HIC staff and users.
  • Backup & off-site copies.

Identifiable Data

  • Identifiable data receive into HIC is encrypted, stored and processed in a secured environment on the NHS network, accessible only to HIC technical staff who hold Honorary NHS contracts.

Data requests and releases

  • All data requests and releases, along with copies of all necessary approvals, are stored on the HIC Project Management System.

HIC processes


  • HIC are inspected by an external auditor annually as part of the ISO27001 accreditation. HIC carry out internal audits on a quarterly basis.

Data Users

  • Researchers and other data users work within the HIC Safe Haven and sign a HIC Data User Agreement.
  • Data users are only provided with de-identified data, unless project-specific approval is obtained by NHS Caldicott Guardian.

HIC Governance

  • The HIC Governance Committee, chaired by the NHS Tayside’s Senior Clinical Research Governance Manager, reviews the audit report, SOPs and any adverse events, recommending improvements to HIC processes and information governance.