How is confidentiality maintained?

This is achieved through a number of organisational and technical measures. These measures apply to both sensitive commercial information and personal data, especially patient information.

Technical Measures

Each client's administrative and sensitive commercial data are kept separate, on PGP-encrypted disks. PGPdisk provides strong encryption: while a volume is locked, its contents cannot be read even by someone with administrator rights on the PC. This protects against scenarios such as laptop theft, and also prevents unauthorised access by staff.

Additionally, data in use is held in unencrypted form only in memory, so an attacker cannot "scavenge" the disk for unencrypted copies. PGP products meet all current security requirements, including those stipulated by CfH (NHS Connecting for Health).

Firewalls (software and hardware) are installed and correctly configured, along with up-to-date anti-spyware protection, to minimise the risk of compromise or malicious damage.

Organisational Measures

Only key staff process sensitive commercial data. Services are run such that staff providing company administration functions (eg marketing, accountancy, secretarial) are not exposed to sensitive commercial or personal data.

Cypher product development staff (eg programmer analysts) are also not exposed to sensitive commercial data. However, they may use sensitive personal data (such as patient-identifiable information) in the course of their work. This is covered by our registration under the Data Protection Act.

Encryption

We've been using encrypted disks for years to protect patient and client information.

Encryption is also a cornerstone of our bbRad product.

bbRad uses public key cryptography: when bbRad routes (sends) a study to a recipient, it is encrypted to that recipient's public key. This means that only that recipient, holding the matching private key, can decrypt and view the study. The sender needs only the recipient's public key, which can be distributed openly; the private key stays with the recipient.
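The routing scheme described above, as an added worked example written for this page rather than bbRad's own code. It assumes a hybrid envelope (the study bytes are encrypted under a fresh AES-256-GCM key, and that key is wrapped with the recipient's RSA public key using OAEP), the Python `cryptography` package, and a constructed byte string standing in for a study; bbRad's actual file formats and algorithms are not documented here. The demo also checks the two properties a practitioner cares about: a different private key cannot open the envelope, and a modified envelope is rejected rather than silently decrypted.

```python
"""Encrypting a study to a recipient's public key (added example, not bbRad code).

Assumptions not taken from the page: RSA-OAEP for key wrapping, AES-256-GCM
for the study bytes, and the `cryptography` package.
"""
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP with SHA-256 is the standard padding for RSA key wrapping.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def generate_recipient_keypair():
    """Each recipient holds a private key; senders only ever see the public half."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def route_study(study_bytes, study_id, recipient_public_key):
    """Encrypt one study to one recipient's public key and return an envelope.

    Public-key algorithms are slow and size-limited, so the study itself goes
    under a random symmetric session key; only that key is wrapped with RSA.
    The study_id is bound in as authenticated (but unencrypted) metadata.
    """
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)                   # 96-bit GCM nonce, fresh per study
    aad = study_id.encode()
    ciphertext = AESGCM(session_key).encrypt(nonce, study_bytes, aad)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    return {"study_id": study_id, "nonce": nonce,
            "wrapped_key": wrapped_key, "ciphertext": ciphertext}


def open_study(envelope, recipient_private_key):
    """Unwrap the session key with the private key and decrypt the study.

    Raises ValueError when the private key does not match the public key the
    study was encrypted to, and InvalidTag when the ciphertext or study_id was
    altered in transit.
    """
    session_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    aad = envelope["study_id"].encode()
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["ciphertext"], aad)


def demo():
    """Round trip, wrong-recipient and tampering checks; returns a result dict."""
    # Constructed sample: a few bytes standing in for a DICOM study file.
    study = b"DICM\x00constructed sample study bytes"
    alice_priv, alice_pub = generate_recipient_keypair()   # intended recipient
    mallory_priv, _ = generate_recipient_keypair()         # some other party

    envelope = route_study(study, "STUDY-0001", alice_pub)
    results = {"roundtrip": open_study(envelope, alice_priv) == study}

    # Only the matching private key can unwrap the session key.
    try:
        open_study(envelope, mallory_priv)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True

    # Flipping one ciphertext bit must fail the GCM tag check, not yield garbage.
    ct = envelope["ciphertext"]
    tampered = dict(envelope, ciphertext=bytes([ct[0] ^ 0x01]) + ct[1:])
    try:
        open_study(tampered, alice_priv)
        results["tamper_detected"] = False
    except InvalidTag:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Because the sender encrypts with the public key only, a compromised sending system or an intercepted envelope does not expose the study; the weak point moves to how recipients protect their private keys and how senders verify they hold the genuine public key for each recipient.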