At Clinitalk, strong governance is fundamental to ensuring the integrity, security, and compliance of our platform. This page outlines the frameworks and practices we follow to manage risk, maintain transparency, and uphold regulatory standards.
Library documents are divided into 5 areas.
Data protection Impact Assessment File
Document Reference: 1000
Detail: Our template DPIA describes the nature of the data processing, the associated risks to an individual's privacy and the mitigations put in place to protect an individual's rights under GDPR.
Classification: Public ↗️
Information Security Management System File
Document Reference: 1006
Detail: Our ISMS outlines the structure of our information security system listing our processes, policies, procedures and controls and is aligned to ISO 27001 standards.
Classification: Public ↗️
Information Security Policy
Document Reference: 1007
Detail: Our information security policy outlines our overarching principles, goals and objectives relating to information security. This includes cloud security, backups and system updates.
Classification: Public ↗️
Password Protection Policy
Document Reference: 1008
Detail: Our password protection policy outlines our rules and procedures governing the creation, management and use of passwords for accessing computer systems, applications and data.
Classification: Public ↗️
Database Credentials Policy
Document Reference: 1009
Detail: Our template DPIA describes the nature of the data processing, the associated risks to an individual's privacy and the mitigations put in place to protect an individual's rights under GDPR.
Classification: 🔒 Classified (contact us for details)
Cryptography Control Policy
Document Reference: 1010
Detail: Our cryptography policy outlines our rules and procedures regarding our use of encryption to protect sensitive data and communications.
Classification: 🔒 Classified (contact us for details)
Access Control Policy
Document Reference: 1014
Detail: Our access control policy summarises our rules and procedures for managing and controlling access to our assets such as databases, servers, development environments, and sensitive documents.
Classification: Public ↗️
User Registration Policy
Document Reference: 1016
Detail: Our user registration policy outlines our rules and processes governing the registration of users for access to our services. These are the terms and conditions for use of Clinitalk.
Classification: Public ↗️
Internal User Registration Policy
Document Reference: 1025
Detail: Our internal user registration policy outlines our rules and processes governing the registration of users for access to systems used internally by our organisation.
Classification: Public ↗️
Sub Processor Data Processing Agreement
Document Reference: 1005
Detail: Our DPA with our sub processor is a legally binding contract that governs the processing of personal data ensuring that we meet the legal requirements of UK GDPR law.
Classification: 🔒 Classified (contact us for details)
Customer Data Processing Agreement Customer
Document Reference: 1045
Detail: Our customer data processing agreement governs the processing of personal data ensuring that we meet the legal requirements of UK GDPR law.
Classification: Public ↗️
Data Security and Protection Toolkit
Document Reference: 1036
Detail: Publication of Clinitalk's assessment against the National Data Guardian's 10 data security standards.
Org: ID F7W4T
Classification: Public ↗️
Change Management Policy
Document Reference: 1021
Detail: Our change management policy governs how changes are planned, implemented and monitored within our operations and systems in order to minimise risk and disruption to our service.
Classification: Public ↗️
ISO27001 ISMS Requirements Review
Document Reference: 1026
Detail: Our Information Security Management System requirements review details our progress towards meeting the standards set out in ISO27001 certification.
Classification: 🔒 Classified (contact us for details)
GDPR Compliance Audit
Document Reference: 1020
Detail: Our general data protection compliance audit is a systematic review of our data processing and protection activities to ensure compliance with UK law.
Classification: Public ↗️
Penetration Testing Certification
Document Reference: 1031
Detail: Our penetration testing certificate demonstrates that Clinitalk is compliant with the required UK security standards.
Classification: Public ↗️
Cyber Security Essentials Plus Compliance Certification
Document Reference: 1004
Detail: Our Cyber Essentials compliance certification demonstrates our compliance with the Cyber Essentials requirements as outlined by the UK government National Cyber Security Centre (NCSC).
Classification: Public ↗️
Clinical Risk Management File
Document Reference: 1028
Detail: Our clinical risk management file details the Clinitalk development life cycle, its risk management plan, hazard log, safety case report, evaluation and controls.
Classification: Public ↗️
Privacy Notice
Document Reference: 1024
Detail: Our privacy notice informs individuals about how personal information is collected, used, protected and deleted.
Classification: Public ↗️
Data Coordination Board Compliance (DCB 0129)
Document Reference: 1035
Detail: Our DCB0129 documentation demonstrates our compliance with the NHS assurance standards laid out by the data coordination board.
Classification: Public ↗️
Information Commissioner Registration Certificate
Document Reference: 1030
Detail: Our Information Commissioner Registration certificate demonstrates our compliance with UK information governance regulation.
Classification: Public ↗️
DTAC assessment
Document Reference: 1027
Detail: Our Digital Technology Assessment Criteria report demonstrates that we meet acceptable standards for data protection, technical security, interoperability, usability and accessibility.
Classification: Public ↗️
Integrated Care Board Assurance
Document Reference: 1032
Detail: Clinitalk's governance has been audited by BSOL ICB against the national standards and approved as a supplier. We are systematically approaching each ICB. As Clinitalk is a standalone web-based resource, there should be no regional variation in risk to patients, organisations or data. In that case, the assessment process in each ICB is a replication, and one might reasonably expect uniformity of outcome.
Classification: Public ↗️
Development Operations Log
Document Reference: 1037
Detail: Our dev ops log contains a daily task list and records the daily review of user logs to monitor for suspicious activity. The daily backup is also recorded here.
Classification: 🔒 Classified (contact us for details)
Clinitalk workplan evidence
Document Reference: 1044
Detail: Internal documentation of the evidence relating to the NHS data security and protection toolkit.
Classification: 🔒 Classified (contact us for details)
Acceptable use policy
Document Reference: 1012
Detail: Our acceptable use policy outlines the legal, ethical and respectful use of our services that users must adhere to.
Classification: Public ↗️
Consent and storage policy
Document Reference: 1015
Detail: Our consent and storage policy defines our approach to the collection, storage and management of user and patient data.
Classification: Public ↗️
Asset register & Audits
Document Reference: 1018
Detail: Our assets and audits file contains registers of our information, software & firmware assets, asset audits, record of processing activities and our annual data security training audit.
Classification: 🔒 Classified (contact us for details)
Key dates file
Document Reference: 1023
Detail: Our key dates document is an internal reference that lists important dates on which staff actions are required to maintain the Clinitalk service.
Classification: 🔒 Classified (contact us for details)
Incident log
Document Reference: 1043
Detail: Our incident log is an internal document that records incident reports, risk assessment and root cause analysis. Within the log we also document threats and phishing attempts.
Classification: 🔒 Classified (contact us for details)
Design process summary
Document Reference: 1039
Detail: Our design process summary should be read in conjunction with the development lifecycle documented in the file 1028, Clinical Risk Management.
Classification: Public ↗️
Contract and Service Level Agreement
Document Reference: 1041
Detail: Contains our contract with trainees and the associated SLA and data sharing agreement with them.
Classification: Public ↗️
Business continuity plan and exercises
Document Reference: 1042
Detail: Our business continuity exercise report is an internal document that details our business continuity and disaster recovery planning and exercises.
Classification: 🔒 Classified (contact us for details)
Annual training on Data Security Policies
Document Reference: 1022
Detail: Our annual training on data security policy is documented in our audit section. Its purpose is to promote understanding and compliance with our policies by providing annual updates.
Classification: 🔒 Classified (contact us for details)
Training Needs Analysis Summary
Document Reference: 1040
Detail: Our training needs analysis summary details the skills, knowledge, and competencies required for the effective performance of key members of the Clinitalk team.
Classification: 🔒 Classified (contact us for details)
Personnel Register
Document Reference: 1017
Detail: Our personnel register contains a record of our personnel's key employment details including their contact details, position, start and end dates, supervisor, and user account details.
Classification: 🔒 Classified (contact us for details)
Content Authoring Policy
Document Reference: 1038
Detail: Our content authoring policy details the procedures a content author must follow when creating educational content in Clinitalk.
Classification: Public ↗️