Bath, 25 August 2015 – After months of rigorous audits and independent assessments, Bath-based software house Mayden has been accredited with ISO 27001:2013 Information Security Management certification by BSI, the business standards company.
ISO 27001 is an internationally recognised information security management standard which specifies the requirements for an information security management system (ISMS): the documented processes a business uses to identify, assess and treat risks to the information it holds. Certification by an accredited body demonstrates that an organisation is following international information security best practice.
Mayden has over a decade of experience handling highly confidential patient data. As the provider of iaptus – the patient management system used by more than 70% of England’s Improving Access to Psychological Therapies (IAPT) services – the company already had a rigorous and fully documented information security management system in place. The decision to attain this globally recognised certification was taken to ensure that Mayden continues to meet industry best practice for information security.
“Protecting the confidentiality of the data entrusted to us by our NHS and other clients is Mayden’s top priority,” explains the company’s Founder and Managing Director, Chris May. “We’re very proud to have achieved this certification which illustrates our deep commitment to providing exceptional information security.”
The standard lists more than 100 reference controls, each of which an organisation must assess and, where applicable, implement, putting in place measures that prevent, detect and correct information security failures. An organisation’s ability to achieve this stringent level of information security relies upon numerous people, processes and applications working in synchrony.
ISO 27001:2013 requires that Mayden’s management:
• Systematically examines the organisation’s information security risks, taking account of the threats, vulnerabilities, and impacts, and has measures in place to manage or reduce them;
• Designs and implements a comprehensive set of information security controls and other risk management measures to address those risks that are deemed unacceptable; and
• Implements an overarching process to ensure that information security controls continue to meet information security needs for both Mayden and its customers on an ongoing basis.
Toni Jones, UK Head of Client Propositions at BSI commented: “Keeping patient data safe is paramount and requires a robust approach in order to keep information security risks under control. Mayden’s certification to ISO 27001 demonstrates the company’s commitment to safeguarding sensitive and confidential data which should reassure customers and patients that data is well managed and secure.”
As part of the certification process, independent audits are conducted annually by BSI. Mayden’s internal Information Governance Group will carry out internal audits and review policies on an ongoing basis to ensure that security requirements continue to adapt as risks change.
Mayden is driven by a desire to change the way healthcare services are delivered by staff and experienced by patients. Today, a Mayden application is used in almost every NHS Trust in the country.
With over 10 years’ experience specialising in innovative, flexible cloud-based solutions for the healthcare sector, Mayden is perhaps best known for iaptus, the patient management system used by 70% of the UK’s adult IAPT services.