AIMES have attained new ISO accreditations

AIMES recently undertook our annual DNV ISO Audit. In addition to retaining our existing ISO 27001 accreditation, we secured two new codes of practice: ISO 27017 and ISO 27018.

As AIMES and our customers continue to grow, and the landscape of cloud computing and data security continues to evolve, securing these accreditations recognises the measures we have put into place to uphold the highest levels of data protection required for working with health data.

ISO 27017:2015

This standard provides guidelines for information security controls applicable to the provision and use of cloud services. Specifically, it covers:

  • Responsibilities of AIMES as a cloud service provider and you as a cloud customer.
  • Protection and separation of virtual environments.
  • Virtual machine configuration.
  • Customer activity monitoring within the cloud.

This accreditation confirms that AIMES are a secure and trusted supplier of cloud services and data handling/storage.

ISO 27018:2020

This is the international standard for protecting personally identifiable information (PII) in cloud storage, and the accreditation validates AIMES as a PII processor.

As over 80% of data breaches involve PII, AIMES have attained this accreditation to ensure this risk is minimised as much as possible. This is particularly important in the health sector, as the high sensitivity and confidentiality of health data require a cloud supplier with the highest level of integrity and compliance.

Paul Langan (pictured centre), our ISMS Manager who led the work on securing these accreditations, commented:

“AIMES put great value on the security of client data and are pleased to announce two important additions to its ISO/IEC 27001 Information Security Management Systems accreditation, ISO/IEC 27017:2015 – Security Controls for Cloud Services and ISO 27018:2020 – Protection of Personally Identifiable Information. This will give clients further confidence that their data is safe and secure here at AIMES.”

All our services, including our market-leading TRE and Infrastructure as a Service, are certified with these accreditations, and we adopt strategies such as end-to-end encryption and 2FA-enforced VDI technology to protect and limit access to the data we store.

In addition to ISO 27001, ISO 27017 and ISO 27018, our other accreditations and certifications include Cyber Essentials Plus and NHS DSP Toolkit compliance. Our 1.5-megawatt data centre also meets the European Code of Conduct for energy consumption, and was among the first data centres in Europe to be recognised as a Class 3 Facility by the Data Centre Alliance.

For more information you can view a full list of our accreditations, or you can contact us directly to see how our services could help your organisation.
