In November 2017, The University of Manchester’s Health eResearch Centre (HeRC) was audited by Lloyd’s Register Quality Assurance (LRQA), with the aim of achieving the information security best practice accolade of ISO 27001 for its Trustworthy Research Environment (TRE). Today, the Centre has received confirmation that it has been awarded certification to confirm that LRQA considers HeRC to have a robust approach to information security.
ISO 27001 is the international standard for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes. The certification demonstrates that HeRC is following information security best practice.
To undergo the process, a large number of thorough procedures were put in place to fulfil the requirements, with many employees undergoing training and fastidiously reviewing information to gain full awareness of processes with the Centre.
Niels Peek, Professor of Health Informatics and Director of Greater Manchester Connected Health Cities said:
“We are extremely pleased to have gone through this audit and to have been granted the ISO 27001 certification. It confirms that health data can be safely shared for research through our Trusted Research Environment. This is essential to enable advanced data science with health data that is routinely collected within the NHS.”
Gaining ISO27001 has already enabled data sharing with NHS Digital and Salford Royal NHS Foundation Trust, allowing secure data analytics projects to take place. The certification cements HeRC’s best practice approach to research with data, and helps to maintain its position as a leading group in health informatics research.