We’re pleased to confirm that we have just successfully completed our annual Penetration Test and recently re-confirmed our Cyber Essentials Plus accreditation. This isn’t just a milestone; it’s part of our ongoing commitment to creating a safe, secure, and trusted environment for our customers and their patients’ sensitive data. When it comes to security, we believe in going above and beyond to give you total peace of mind.
We know that security isn’t a “set it and forget it” deal. It’s a continual process, and we’re always working in the background to ensure our systems meet (and exceed) the standards you rely on. As a trusted partner to the NHS, we’ve built our processes around rigorous standards, accreditations, and certifications to ensure our software is secure, compliant, and intuitive for frontline staff.
Here’s everything we do to provide the security and peace of mind you need:
Annual Penetration Testing
We conduct independent annual penetration tests, identifying and resolving vulnerabilities to stay ahead of emerging threats and ensuring our software remains resilient.
Data Security & Encryption
- At rest: Patient data stored in UK-based AWS EBS volumes is fully encrypted by default, including backups and snapshots.
- In transit: All communications are encrypted using TLS 1.2, ensuring secure data transmission.
- Role-based access control: Sensitive information is only accessible to authorised users, configured to align with NHS workflows.
NHS Standards Compliance
- DSPT (Data Security and Protection Toolkit): We’re fully compliant, meeting annual NHS Digital requirements for secure data management.
- DCB0129/DCB0160 Compliance: Our clinical safety processes meet the NHS’s clinical risk management standards, ensuring our software is not just secure, but also safe for clinical use.
- GDPR Compliance: We adhere to GDPR to ensure patient data is processed securely and transparently.
ISO Certifications
- ISO 27001 (Information Security Management): We follow a structured framework for managing information security, known as an Information Security Management System (ISMS). This ensures your data remains confidential, accurate, and accessible only to those who need it.
Cyber Essentials Plus
We are certified under Cyber Essentials Plus, a UK government-backed scheme that protects against common cyber threats. This certification goes beyond the basic level, involving independent testing and verification of our systems to ensure robust protection measures are in place.
NHS Accreditation
We maintain accreditation with NHS England (NHSE) and key clinical systems providers, including:
- IM1 – EMIS, TPP SystmOne, and Cegedim Vision: Our software integrates seamlessly with clinical systems, meeting operational, clinical, and security requirements.
- Evidence-based validation: We undergo thorough testing and evidence submission to retain these accreditations, demonstrating compliance with NHS standards.
Continuous Monitoring & Updates
- Vulnerability scans: Regular scans and penetration tests ensure proactive risk management.
- Patch management: Critical updates are applied promptly to eliminate vulnerabilities.
- System tools: We use Datto, our Remote Monitoring and Management (RMM) software, to monitor for issues and seamlessly roll out updates and upgrades.
Transparent Processes
- Audit trails: Every action is logged and timestamped, supporting NHS compliance and accountability.
- Access logs: Clear records of who accesses and modifies data for seamless reporting.
Resilience & Continuity
- Disaster recovery: Automated daily backups stored securely ensure data integrity in emergencies.
- Business continuity: Ongoing developments to ensure that you can keep working even when your clinical system isn’t available.
Designed for the NHS
- Intuitive interfaces: Built for frontline staff with limited time for training, ensuring our tools are easy to use and effective.
- Streamlined workflows: Designed to reduce friction and integrate seamlessly into clinical operations.
Dedicated Support
- Our UK-based support team is always on hand to answer questions, resolve issues, and provide reassurance about compliance and security.
At Jayex, we believe that security and usability go together. From Cyber Essentials Plus certification to ISO standards and NHS clinical system accreditation, we ensure our software is secure, compliant, and ready for the demands of the NHS.