Security, governance and compliance
The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. Life QI, together with our hosting partners, have best practice measures in place to protect the confidentiality, integrity and availability of your data at all times.
We take this responsibility very seriously and are constantly working to ensure not just compliance with the law but that we support you in complying with any pertinent organisational information governance (IG) policies. As such we have robust controls in place to maintain security and data protection.
As Life QI started out in the UK, the IG measures in place have been largely driven by NHS IG policy. However the security and IG measures are continually reviewed to ensure we stay abreast of emerging best practice and compliant with legislation.
The web hosting infrastructure that Life QI runs on is compliant with the following best practice standards, laws and regulations:
- Data Protection Act 1998
- General Data Protection Regulation (GDPR)
- ISO27001 - Information Security Management Standard
- ISO27017 - Cloud Specific Controls
- ISO27018 - Personal Data Protection
- Cyber Essentials Plus - A UK Government-backed, industry-supported certification scheme introduced in the UK to help organisations demonstrate operational security against common cyber-attacks.
- SOC 1/2/3 - Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how key compliance controls and objectives are achieved.
The data security and IG measures in place are there not just to protect the confidentiality, integrity and availability of your data but also to support you in complying with your organisation's IG processes and policies. You as a user of Life QI have certain responsibilities to ensure your use of the system complies with both the law and your organisation's IG policies.
Further details of how we support you in complying with your organisation's policies is covered in the next section.
Supporting your organisation's IG policies
Life QI is hosted on secure web based infrastructure providing users not just the peace of mind that their data is secure but also the controls to themselves decide how they wish to use the system and share data. This model of shared responsibility for IG requires us as the service provider, and you as the user, to both play our parts in ensuring compliance and best practice in how Life QI is used.
It is ultimately the responsibility of each and every user to ensure their use of Life QI is appropriate and compliant not just with the law but also with any policies and agreements that the user is party to. The functionality is available for users to share data in accordance with any pertinent policies and agreements that they are party to and it is the responsibility of the users to act accordingly in their use of the functionality provided to manage the sharing of data.
Quality and integrity
The quality and integrity of the data entered into the system is the responsibility of the user entering it and ownership of that data resides with the originating party. Users and organisations are not permitted to publish, sell or distribute data that they do not own without the permission of the originating party.