Privacy and Security

Strata Health Solutions recognizes that the disciplines of confidentiality, integrity and availability within Information Security Management are integral parts of its management function.

Operating at International Standard ISO/IEC 27001:2013

It is Strata Health Solutions’ Information Security Policy to seek to operate to the highest standards, and implement and operate fully the ISO 27001:2013 standard, including continual improvement. Strata Health Solutions will:

  • Comply with all applicable laws and regulations and contractual obligations.
  • Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of its management resources to better meet information security requirements.
  • Communicate its information security objectives, and its performance in achieving these objectives, throughout the company and to interested parties.
  • Adopt an information security management system comprising a security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with its work.
  • Work closely with its customers, business partners and suppliers in seeking to establish appropriate information security standards.
  • Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on information security.
  • Train all members of staff in the needs and responsibilities of information security management.

Strata Health has been assessed and approved as operating to the ISO 27001:2013 standard, including the requirement for an annual audit. View our ISO/IEC 27001:2013 Certificate.

Information Governance (UK) – IGSoC

In the UK, the NHS has set up an Information Governance standard called the Information Governance Toolkit, an online system that allows NHS organisations and partners to assess themselves against Department of Health Information Governance policies and standards. As a participating organization, Strata Health Solutions completes the Information Governance Statement of Compliance (IGSoC) as part of this toolkit on an annual basis.

Strata Health is fully compliant, and the status of this compliance can be reviewed at any time at the following site: Status of Compliance

Threat Risk Assessments & Privacy Impact Analysis

As part of operating a hosted solution, Strata Health Solutions is often involved in performing Security Threat Risk Assessments (TRA) and Privacy Impact Analysis (PIA), either independently with a certified third-party organization or in conjunction with its clients. It is the view of Strata Health Solutions that the process of performing TRA and PIA exercises is an important part of our management model, and Strata will continue to work with its clients to ensure the Firm is operating at the highest level.

To contact Strata’s privacy and security department please email