Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Overview

Welcome to HealthRota Limited's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Compliance

Cyber Essentials Logo
Cyber Essentials
G-Cloud Logo
G-Cloud
GDPR Logo
GDPR
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
NHS DSPT Logo
NHS DSPT
NHS DSPT (UK) Logo
NHS DSPT (UK)
AWS Qualified Software Logo
AWS Qualified Software
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
Cloud Security Guidance Logo
Cloud Security Guidance
WCAG 2.2 AA Logo
WCAG 2.2 AA
Digital Technology Assessment Criteria Logo
Digital Technology Assessment Criteria

HealthRota Limited is reviewed and trusted by

University Hospitals Sussex-company-logoUniversity Hospitals Sussex
Buckinghamshire Healthcare NHS Trust-company-logoBuckinghamshire Healthcare NHS Trust
University Hospitals Dorset NHS Foundation Trust-company-logoUniversity Hospitals Dorset NHS Foundation Trust
Dorset County Hospital NHS Foundation Trust-company-logoDorset County Hospital NHS Foundation Trust
Dorset HealthCare-company-logoDorset HealthCare
Royal Free London NHS Foundation Trust-company-logoRoyal Free London NHS Foundation Trust
North Middlesex University Hospital NHS Trust
Doncaster and Bassetlaw Teaching Hospitals-company-logoDoncaster and Bassetlaw Teaching Hospitals
Nottingham University Hospitals-company-logoNottingham University Hospitals
West Herts Teaching Hospitals NHS Trust-company-logoWest Herts Teaching Hospitals NHS Trust
Gloucestershire Hospitals NHS Foundation Trust-company-logoGloucestershire Hospitals NHS Foundation Trust
Royal Berkshire NHS Foundation Trust-company-logoRoyal Berkshire NHS Foundation Trust
RUH Bath-company-logoRUH Bath
Stockport NHS FT-company-logoStockport NHS FT
Belfast Trust-company-logoBelfast Trust
Cardiff and Vale University Health Board-company-logoCardiff and Vale University Health Board
NHS Lothian-company-logoNHS Lothian

Documents

REPORTSData Flow Diagram (DFD)
REPORTSNetwork Diagram
REPORTSPentest Report
COMPLIANCECyber Essentials
COMPLIANCEDigital Technology Assessment Criteria
COMPLIANCEGDPR
COMPLIANCEISO/IEC 27001:2022
COMPLIANCENHS DSPT
PRODUCT SECURITYProduct Architecture
PRODUCT SECURITYService-Level Agreement
DATA SECURITYInformation Disclosure Protection
LEGALData Processing Agreement

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective24-48 hours
View more

Product Security

Audit Logging
Data Security (DSPT)
Integrations
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
Pentest Report
View more

Self-Assessments

We are working on our security compliance. We can provide completed questionnaires upon request.

Data Security

Information Disclosure Protection
Sensitive Data Management

App Security

Application Penetration Testing
Credential Management
Software Development Lifecycle
View more

ESG

Anti-Modern Slavery
Carbon Neutrality
ESG In Business Practice

Legal

SubprocessorsAmazon Web Services (AWS)-company-logo
Cyber Insurance
Data Processing Agreement
View more

Data Privacy

Cookies
Data Into System
Data Out of System
View more

Access Control

Access is tightly monitored and controlled at our company. We are happy to provide more details about our access control practices upon request.

Infrastructure

Amazon Web Services
Anti-DDoS
Azure
View more

Endpoint Security

We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.

Network Security

We protect our corporate network against external & internal threats.

Corporate Security

Email Protection
Employee Training
HR Security
View more

Policies

Bring Your Own Device (BYOD) Policy
Data Protection Policy
Incident Response Policy
View more

Security Grades

We are constantly monitoring the security of our website. We will post our grades from public security rating agencies when they become available.

Incident Response

We have a dedicated team that responds to security incidents. We are happy to provide more details about our incident response practices upon request.

Risk Management

We have a dedicated team that manages security risks. We are happy to provide more details about our risk management practices upon request.

Asset Management

We have strict asset management policies in place to ensure that all assets are accounted for and secure.

BC/DR

Business Continuity Plan (BCP)

Training

We provide security awareness training to all employees to ensure that they are aware of security best practices.

Change Management

We have a change and configuration management process in place to ensure that changes are properly reviewed and approved.

Physical & Environment

We have physical and environmental controls in place to ensure that our data centers are secure and reliable.

Continuous Monitoring

We continuously monitor our systems for security threats and vulnerabilities. We are happy to provide more details about our continuous monitoring practices upon request.

Knowledge Base (FAQ)