Case Study:
Desuto Ltd
Sector: Health
Challenges
Desuto was a new developing health tech business that was working with some early adopters with their decision support platform. As the trials had been successful, the company needed to ensure it could provide the necessary services for the industry with the right compliance measures. This was to meet not only GDPR regulations as it involved processing highly sensitive data but also against the strict NHS Data Standard and Protection Toolkit and the Cyber Essentials assessments.
Therefore, the company needed expert data protection, information security and accreditation support to ensure that their system could be delivered and deployed successfully into a highly regulated industry.
Solutions
CentriVault worked closely with the Desuto board and supported in all areas required to demonstrate complete compliance – whether it was from the data regulations. GDPR, or the necessary data security requirements from the NHS.
CentriVault also worked closely to ensure the company would pass Cyber Essentials certification first time and provided dedicated expert resources as an external DPO and security advisor.
The Implementation
CentriVault appointed a dedicated data security expert and Virtual Data Protection Officer to Desuto to work closely with their team over several months and to plan out a challenging process in achieving the necessary certification and accreditation.
This started with Cyber Essentials and then moved on with compliance needed against the NHS Data Standard and Protection Toolkit – both were required to provide the services into the health sector and also using NHS data.
The Outcome
Acting as Desuto's security and data protection partner, CentriVault ensured that the company was able to become Cyber Essentials certified and achieved a successful assessment against the NHS Data Standard and Protection Toolkit.
This allowed Desuto to continue the deployment of its platform and officially enter the marketplace with the necessary sensitive data being stored in its database to assist with clinical decision-making. It also allowed the company to plan for a wider development and expansion into further disruptive product offerings.
Project Highlights
1
Proven Expertise
-
Delivered the expert resource at the budget required from a small business.
-
Produced key policies and procedures needed to support a robust security and data management programme.
2
Compliance & Certification
-
Desuto was able to demonstrate legal compliance of GDPR
-
Cyber Essentials certification was achieved first time.
-
The NHS Data Standard and Protection Toolkit assessment was successful and met the deadline required for submission.
3
Peace of Mind
-
Provided a virtual DPO service.
-
Provided peace of mind for early customers using the platform and helped plan the next development iteration of the tool through the Therapy Record Online Portal.