Data security

Keeping your data secure

Qunote provides a compliant, cost-effective, and easy to implement solution for securely storing and sharing clinical records, helping you fulfil your data protection obligations under the General Data Protection Regulation and UK Data Protection Act.

Security by design

Security by design

Ensuring privacy by design within internal systems and processes is a central tenet of GDPR. Thankfully, every aspect of the Qunote system has been designed with privacy in mind.

User access to functionality and data is permission driven, giving you complete control over what parts of the system and client files your users have access to, and permissions can be easily amended at any point. Should you need to entirely revoke a user’s access to the system, this can be done at the click of a button.

Audit logs for each user’s activity are accessible from the administration area, helping you ensure accountability in the case of an internal data breach.

Secure storage

Secure storage

All data is stored on an enterprise-level server hosted in a state of the art UK data centre protected by the following security controls:

  • Own dedicated compound
  • 24-hour manned security, and manned physical access points
  • Access by approved personnel only
  • Physical access logging and monitoring
  • CCTV and automatic intrusion detection
  • Full back-up power supply
  • Temperature and humidity controls, with continual climate monitoring
  • Automatic fire detection and suppression
  • Strict asset management protocols
  • Automated redundancies in the event of hardware failure
  • Regular maintenance of hardware and mechanical systems
  • Round the clock monitoring of all infrastructure

All data is encrypted at rest, as well as in transit using 2048-bit TLS end-to-end encryption, and the server is protected by in-built network firewalls. The system database is backed-up on a daily basis to a geographically separate secure cluster also located in the UK, with back-ups held on a seven-day rolling basis.

Our server infrastructure provider and server management team are both ISO27001 certified, and have confirmed compliance with the GDPR and UK DPA.

Data management made simple

Data management made simple

Under the GDPR, it is essential that you are able to easily access, change or delete the data you hold if required.

Qunote’s comprehensive search functions make it incredibly easy to manage the data you hold, allowing you to quickly and simply find notes on a client’s file going back several years. By setting up different client groups, you can archive closed cases while retaining easy access to the data should you require it, such as in the event of a subject access request.

Data stored within Qunote also meets GDPR’s requirement of portability, with user facilities to export data directly from the system and a full database export in “machine-readable” format available upon request.

ISO27001 and Cyber Essentials certified

Qunote operates a robust information security management system and disaster recovery process. We are regularly audited by an independent UKAS accredited certification body and are certified to ISO27001, the internationally recognised standard for information security and data governance. We are also certified by the UK Government-backed Cyber Essentials scheme.

ISO 27001

Cert No. 16451
ISO 27001

Cyber Essentials