Sensitive health data requires more than contractual assurances: it requires independently verified, continuously maintained security controls. The Aridhia DRE holds ISO 27001, ISO 27701, HITRUST, Cyber Essentials Plus, and NHS DSPT accreditation, with annual audits and a full programme of operational security measures in place.
Aridhia is committed to protecting and respecting the privacy and the security of your data. We look after your data carefully and are very open about the provisions we have put in place to protect it and to help you meet your compliance obligations under UK and EU law, international standards, and sector-specific standards.
Aridhia’s General Counsel acts as our Data Protection Officer and Compliance Officer, ensuring that the company is aligned to all internal and external policies, laws and regulations. The General Counsel is also a member of the company board.
Our Information Security Manager is responsible for day-to-day operational security, risk management and incident management, and reports to the COO.
Our Security Review Board provides oversight and direction relating to information security across all aspects of the Company.
Aridhia achieves compliance with GDPR through the implementation of policies and processes which ensure that:
In developing the DRE, Aridhia follows the OWASP Top 10 guidelines and uses tools to ensure our software complies with the OWASP best practice framework and that a “security by design” approach is followed.
We have many measures in place to ensure we follow a secure software development process, including:
Aridhia’s services are hosted within the Microsoft Azure cloud platform in the relevant country/region of your choice. Azure has all relevant information security and cloud certifications, including ISO 27001, ISO 27701 and CSA STAR.
All instances of the Aridhia DRE are deployed for specific customer organisations who may adapt our information governance framework to suit their needs. Aridhia is always the data processor and the customer remains the data controller. Your use of the DRE is also governed by an agreement with that customer organisation.
Aridhia completed ISO 27001 certification in June 2019 and has maintained it through multiple audits. It has also achieved ISO 27701 certification, as of June 2022.
The Aridhia DRE has been designed to provide a secure and trusted research environment which meets the needs of research communities. It is built and maintained according to international standards and best practices for Trusted Research Environments / Secure Data Environments.
Within the DRE, security controls include:
For public and customer requests relating to security or privacy, or if you wish to report a suspected issue or vulnerability, the details of our Service Desk and OSOs can be found below.