Surgery Connect complies with NHS information governance protocols, securely storing encrypted call recordings and messages.
- Data access is restricted to authorised users with strong password controls.
- All data is permanently deleted in line with data retention strategies, and is securely held in UK data centres managed by X-on.
- X-on maintains accreditations with:
- ISO 9001 (Quality Management of Systems requirements)
- ISO 27001 (information security standards), ICO (Data Protection Act compliance)
- IGT (NHS digital services access requirements)
- Being a Crown Commercial Service Supplier
- Being a PCI-DSS (credit card security rules) Level 1 Provider