Information Governance

At Care Control, we're proud to have three different security certifications that prove we are committed to keeping our customers’ data secure at all times.

This Q&A page will answer most of the questions you have about how your data is held and how we look after it.


Our Security Certificates

ISO27001

Care Control Systems is very proudly ISO 27001 certified. ISO/IEC 27001:2017 (also known as ISO27001) is the international benchmark that sets out the specification for an information security management system (ISMS). Taking people and processes as well as technology into account, this practice approach helps organisations manage their information security on multiple levels.

The process for becoming ISO 27001 certified is very detailed and is repeated each year, to ensure continued compliance. Regular auditing ensures that the processes, policies and technology within our care software protect your data each and every day.

Cyber Essentials Plus

Care Control Systems is very proudly Cyber Essentials Plus certified. Cyber Essentials Plus is an effective, government-backed scheme that aims to protect organisations, of whatever size, from a whole range of cyber attacks.

This certification gives us peace of mind that our defences will protect against the vast majority of common cyber attacks, simply because these attacks look for targets which do not have the Cyber Essentials technical controls in place. We have received this certification 3 years in a row, displaying our commitment to customer and organisational security.

NHS Digital Social Care Records

Care Control is currently fully DSCR compliant with all 14 NHS DSCR standards. This milestone is a testament to our continuous commitment to providing the highest level of digital care management solutions that meet the rigorous standards set by the NHS.

We also use the NHS Data Security and Protection Toolkit (DSPT) to ensure that all records are kept securely and any personal data is handled correctly.


Questions & Answers

IG FAQs

We are always subject to regular statutory audits ensuring that we are always compliant with our certifications.

We have multiple layers of backup protection in place, ensuring that your data is always secure and never lost. Our system provides continuous protection of backup data. Access to these backups is safeguarded by two-factor authentication and encryption keys, with regular quarterly tests to ensure their integrity.

Data is stored in UK-based secure data centres in Worcester & Gloucester, covered by 24/7 engineer monitoring. Our centres have a tier 4 accreditation from the Uptime Institute and are designed to the highest level of fault tolerance, with redundancy for every component, continuous cooling, secure compartmentalisation and an expected uptime of 99.999%, all accredited to the ISO27001 standard.

We use an advanced encryption system to protect sensitive and personal data at all times, and our system requires two-stage access with multiple layers of authentication to enhance security even further.

Even if you are on your own device, we ensure that the connection between it and our database is secured via HTTPS, an SSL Certificate and 256-bit encryption, ensuring data protection and confidentiality.

If anything were to happen to the data, we follow a strict process to ensure you are informed within 24 hours of any breach. We also provide a description of the breach, the data that is affected, discovery time, potential risks and mitigation measures. We also comply with all reporting obligations to the Information Commissioner’s Office and cooperate fully with any investigation.

We have a full page on understanding DSCR you can view here.

While we’re unable to share our full Business Continuity Plan as it is a confidential internal document, I can confirm that Care Control has a robust Business Continuity Plan in place. This is reviewed and audited annually as part of our ISO 27001 certification.

Our plan includes a range of scenarios that are tested periodically to ensure operational readiness. In the event of a business continuity incident, our Senior Management Team would be mobilised to implement the appropriate steps from our plan. This may include proactive communication with customers, providing guidance and updates as needed.

To support your own continuity planning, we recommend subscribing to our Status Page and ensuring our contact details are included in your business continuity documentation. This will help you stay informed of any service updates or incidents.

Dedicated to your data

We are dedicated to maintaining your trust through these stringent security measures and clear communication. Our commitment to your data security is not just about adhering to industry standards, it’s about looking after you and ensuring that you can be confident at all times knowing your data is secure when using Care Control.

If you have any further questions or need additional information, our team is always here to assist. Whether you require detailed explanations about our security practices, need support with specific concerns or simply want to understand more about how we protect your data, we are here to help.