Home Legals & Data Data Security

Data Security

Last updated on May 08, 2025

Data security 

Data protection by design and default is one of our core competencies and we follow industry best practices when deploying our platforms. We are compliant with the NHS Data Security and Protection Toolkit, Cyber Essentials accredited, ICO registered and work with GDPR practitioners to ensure we meet information governance requirements. We maintain a strong security posture and work with partners in information security to have all of our applications independently penetration tested and quality assured.

Data Storage

All data is stored within the UK by AWS.

NHS Data Protection and Security Toolkit (DPST)

Exceeded rating (ODS: 8J465)

Penetration Testing

We undergo annual penetration testing on all external aspects of Medic One. These tests are performed by 2 | Sec, a CREST accredited cyber security partner. 

NHS Secure Email

DCB1596 certified on an annual basis (NHS secure email standard)

CE Plus

Certified by IASME

GDPR & DPA

Full GDPR and DPA compliance