Understanding data, security, and information governance

The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. Simana, together with our hosting partners, have best practice measures in place to protect the confidentiality, integrity and availability of your data at all times. We take this responsibility very seriously and are constantly working to ensure not just compliance with the law but that we support you in complying with any pertinent organisational information governance (IG) policies. As such we have robust controls in place to maintain security and data protection. 

Learn about compliance and supporting your organisation's IG policies 

As a web-based platform, Simana is 'hosted' on computers which are located at data centres. As the data entered into Simana can be sensitive, its physical location must be somewhere that complies with the relevant data protection legislation and where the latest and most robust physical security measures are in place. Data centres provide this level of security along with many other benefits such as reduced cost, better resilience and expert 24/7/365 management of equipment. Simana's data is hosted by Amazon Web Services. 

Learn more about the infrastructure and security measures 

Ensuring the correct and appropriate access, modification and sharing of data is of the upmost importance. Which is why we utilise the latest physical and network security measures, whilst also allowing you the user control over how you share your improvement data. This combination of security measures and user control is part of the shared responsibility model adopted by Simana. 

Learn more about IG responsibilities 

There are three types of data held in Simana: Personal, Content, and Meta. All data is subject to the same physical and network security measures. The level of control users have over how the data is managed depends on the type. At no point will the system ask or require you to enter patient identifiable information or special category data, and it is strongly advised that you do not. Should you choose to enter such information it is your responsibility to ensure compliance with your IG policies. 

Find out more about the types of data held in Simana 

Access to this data is protected through the use of physical and network security (e.g. firewalls, encryption in transit and in storage, secure user logins) and access is further controlled by users themselves. Settings are available on each project so the data can be shared with the rest of the user community as appropriate. This allows users to share as much or as little as is permitted by their organisation's information governance and data sharing policies. 

Learn more about managing Simana data