Information Security

BigHand has identified the need to protect the confidentiality, integrity and availability of important information assets and to ensure that the facilities provided by the organisation are secure and available for business operation. BigHand works with a number of customers and processes and stores data on their behalf, some of which is highly sensitive personal, legal or medical information. The loss, breach, improper processing or unavailability of this information could have very serious repercussions for BigHand and its customers.

BigHand aims to be recognised as an organisation adhering to the highest level of Information Security best practice and has implemented a formal Information Security Management System (ISMS). The ISMS is formally managed, controlled, independently audited and certified to ISO 27001 and Cyber Essentials Plus.

BigHand is GDPR Compliant (registered with ICO), HIPAA Compliant, DCB0129 Compliant (NHS Clinical Risk Management), and meets the requirements of the DSP Toolkit.

The scope of the BigHand ISMS states: "The Information Security Management System covers the Development, Provision, Support and (for SaaS client offerings) Maintenance of BigHand’s software range."

The objectives of the BigHand ISMS are defined as below:

  • To ensure that policies and controls are appropriate and accurate to meet the business requirements for Information Security and ensure confidentiality of BigHand customers' information
  • To assess information security risks to BigHand assets, information and systems, and apply appropriate treatments and actions to manage risk
  • To ensure that security controls are checked and audited, and that corrective and preventive actions are raised and actioned
  • To ensure that security breaches and incidents are logged, investigated and resolved through formal procedures
  • To ensure that the ISMS activities are reviewed and assessed regularly by management to ensure that the ISMS and related security controls and processes are performing to required levels
  • To ensure that all staff receive appropriate information security training and are subject to information security awareness programs to ensure that security controls are properly implemented by all
  • To ensure the ISMS activities are recorded and documented to meet the requirements of ISO 27001, and provide documentary evidence of compliance and effective implementation of the ISMS
  • To ensure BigHand adheres to legal, regulatory, contractual and any other relevant requirements
  • To continuously improve the ISMS

If you require any further information regarding BigHand’s ISMS, please contact [email protected].


Related Links:

ISO27001 - Certificate/Licence number: IS 585078  |  Cyber Essentials Plus  |  DSP Toolkit  |  ICO Data Protection Register