HIC achieve independent Security Certification ISO270001

Group photograph of HIC staff holding the Security Certificate

The University of Dundee's Health Informatics Centre (HIC) has been awarded a sought-after information security certification.

The ISO27001:2013 certificate is an internationally recognised ‘gold standard’ in information security. Organisations hoping to achieve the certificate are required to pass an intensive audit of their data management process, hardware, computer systems and security policies.

Even after the award is signed off by Certification Europe, further external audits are carried out every six months to ensure standards in data management are maintained and improvements made where appropriate.

HIC received its information security management system certificate earlier this month.

As a support unit within the Tayside Medical Science Centre, HIC works in collaboration with NHS Tayside and NHS Fife to collect and manage sensitive health data for research. It is hoped this new certification will help position the Centre as an example of best practice in the industry -- ensuring providers like the NHS are comfortable their data is being handled securely and appropriately.

Tayside Medical Science Centre is part of the Academic Health Science Partnership in Tayside (AHSP), which brings together University of Dundee and NHS Tayside to improve the health of the population through advancement of health research, education of healthcare professionals and improved quality & safety of healthcare services.

“The certification is an important achievement for the Health Informatics Centre and also the University of Dundee,” said Dr. Emily Jefferson, Director of HIC.

“We were delighted to pass the stringent audit of our data management systems and to see HIC’s security practices independently recognised.”

Graeme Hunter, lead auditor for Certification Europe, said:

"Achieving ISO27001:2013 certification is no simple task. HIC's dedication to reducing information security risk is clearly demonstrated through their risk management and adoption of appropriate policies, processes and procedures.” 

“There is no end point in place. HIC will be required to show continual improvement of their information security management system over time. All HIC employees contribute to this process and they all can be justifiably proud of their hard work and commitment.”

HIC provides research services as part of Farr @ Dundee, a collaborator within Farr@Scotland.

In the future, HIC also aims to be a Scottish Government recognised 'Accredited Safe Haven'.