Technical and organisational security measures

The Council has a robust suite of security controls in place to protect the records we hold about you (on paper and electronically). The Council meets stringent Public Sector Network (PSN) Security controls, and strict Payment Card Industry Data Security Standards (PCI-DSS). The Council has Cyber Essentials accreditation and complies with NHS Digital's Data Security and Protection Toolkit (DSPT) standards.

Access to your records is only available to those who have a right to see them. Examples of further security include:

  • Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This type of technology is applied to a number of our systems including our email system.
  • Access Controls, controlling access to systems and networks using multi-factor authentication, allows us to stop people who are not allowed to view your personal information from getting access to it.
  • Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
  • Regular testing of our technology and ways of working including keeping up to date on the latest security updates (patches).