ISO27001


MegaNexus is accredited to ISO27001, the ISMS standard for the handling and storage of sensitive data.

To protect sensitive data, identify and manage information security risks, and provide assurance that we are following best practice for information security, MegaNexus has implemented a series of technical and operational security initiatives. These include establishing an information security management system (ISMS) which is certified to international best practice for information security (ISO27001). The purpose of the ISMS is to protect the confidentiality, integrity and availability of information and minimise security risks.

The ISMS has been designed and implemented to address the following objectives:

  • To protect our clients’ and MegaNexus’ information from unauthorised access, modification or loss by implementing security controls which are regularly audited and monitored
  • To develop the safest, most scalable and simplest to use data platform for our clients
  • To comply with our clients’ and partners’ security requirements
  • To comply with HMG (NHS, NOMS, SFA…) security and code of connection requirements
  • To provide information security training for everyone that needs it
  • To comply with legislative requirements for information protection
  • To implement an appropriate level of security that is complied with and supported at all levels
  • To identify and manage risks in our supply chain
  • To continually review and improve our security protocols

 

In order to meet the above directives, the following are in operation at all times:

  • A named manager is ultimately responsible for security
  • The Information Security Committee oversees implementation and management of security controls
  • The SIRO is responsible for the implementation and management of the ISMS, including reporting upon its effectiveness
  • Information Asset / Risk Owners are responsible for identifying and classifying their information and addressing risks
  • Managers at all levels are directly responsible for complying with our information security controls and ensuring adherence by their staff
  • All staff, including temporary workers, contractors, and, where appropriate, third parties are responsible for complying with our information security policies
  • Information assets are identified, assessed for risk and appropriately protected
  • Risk escalation processes are implemented
  • Security policies covering IT systems, personnel security, facilities, supply chain assurance, business continuity and the collection, use, sharing, retention and disposal of information are implemented and adhered to
  • Information security training is available to all staff, including temporary workers and contractors
  • All actual or suspected breaches of information security will be reported to and investigated by the Compliance Manager
  • Assurance on the effectiveness of information security controls is provided by internal and external audits

 

 
