Security and Governance



At HBSUK security governance is the collection of practices related to supporting, defining, and directing the security efforts. We have a robust approach to securing patient information.

Security governance is closely related to and often intertwined with corporate and IT governance with a common goal of maintaining business processes while striving toward growth and resiliency.

HBSUK meets all NHS IT governance compliance, including certification to Cyber Essentials Plus & the NHS Digital - NHS Data Security and Protection Toolkit. We meet the requirements of the and are tested at least once a year against malicious threats

HBSUK is recognised as "Exceeding Standards" with NHS 


HBSUK governance framework is designed to ensure that we effectively manage and meet all statutory obligations whist maintaining a corporate integrity. The legal framework governing the use of personal confidential data in health care is complex and incorporates the legislation such as the following: The Health and Social Care Act 2012, The Data Protection Act, The Human Rights Act and the more recent General Data Protection Regulation (GDPR). HBSUK are fully cognisant and compliant to all relevant Care Quality Commission (CQC), ISO9001 and ISO27001 requirements.

ICO Registration number ZA132941.

Our Clinical Governance Board are representatives from external board of senior medical advisors who oversee the safety of clinical service delivery, ensuring clinical professionals are providing the highest level of safe care and advise us on on-going developments in clinical guidelines and processes.


CQC Position Statement 


On 6th November 2020, in consultation with the Care Quality Commission (CQC) it has been agreed that HBSUK Services are not part of a Regulated Activity (RA). 


The model adopted by HBSUK for Insourcing services means that the business does not require to be registered with the CQC.  Remote Specialist assessment services provided by HBSUK are also not a regulated activity. 


The CQC were absolutely clear that services provided by HBSUK do not fall under the statutory definitions of activities regulated by the CQC. The CQC was also clear that this in no way implies that they are not well controlled or compliant. HBSUK hold ISO9001 and ISO27001 registrations via a UKAS approved 3rd Party and are exemplars in innovation and pathway care management. 

This document outlines how HBSUK is managing the health, safety and well-being of its employees and visitors during Covid-19 pandemic. The assessment will be reviewed periodically and in line with any further guidance issued by the Government.


If you have any queries or would like to know more please contact