Hi folks.  

I'm looking at Occupational Health systems for our business, which will hold 
potentially sensitive medical information on our employees.  We are potentially 
looking at externally hosted solutions, and I'm trying to get an idea of what 
sort of things I should look to ensure are included in any contract.  

So far, all I can think of specifically is around ensuring an appropriate 
employee vetting process for the supplier's employees and the host's employees, 
ISO27001 for the hosts, and segregation of data from their other customers.  
I'll also push for encryption of data at rest.

We're in the UK, and I'm not aware of any regulations which apply apart from 
the Data Protection Act.

Thanks,

Chris



Interservefm Ltd.  Registered in England, Number : 2820560.
Registered Office: Capital Tower, 91 Waterloo Road, London SE1 8RT.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com