Where is Civica Scheduling data stored and how is it protected?
All data is stored within the UK across multiple availability zones in the AWS eu-west-2 (London) region. Please see here for up-to-date details on our data centres and how they are protected.
All information is sent over an encrypted connection with HTTP Strict Transport Security to force modern browsers to initially connect to Civica Scheduling over TLS. The encryption currently used is a mix of AES 128 (and, where supported, AES 256), and data is encrypted at rest.
What personal data do we store?
In order for Civica Scheduling to function effectively, certain information about staff and patients is required. The patient personal data typically includes:
- Telephone number.
- NHS Number.*
- Type and frequency of interventions.*
*These data points are regarded as special category data under GDPR, as they are types of health data.
The staff personal data typically includes:
- Employee reference.
Is Civica Scheduling a Data Controller or a Data Processor?
The healthcare organisation is typically the Data Controller. We are the Data Processor (where our services are used). This means that we process data about your patients under the terms in our Data Processing Agreement, to allow you (as a healthcare organisation) to provide a service to your patients.
How are we compliant?
- We are certified to ISO 27001 (see attachments below for certificate).
- We are certified under the UK Government's Cyber Essentials scheme (see attachments below for certificate).