Data Privacy & Security

Robust software and processes to ensure maximum data security across the Blackford Enterprise Platform


Blackford is committed to upholding the highest standards of information security and privacy. In alignment with being ISO 27001 certified, our privacy framework adheres to both the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), ensuring that personal data is handled with the utmost care and compliance.

We implement a robust risk management strategy to safeguard and classify data. We employ strict access controls, encryption, and conduct audits. Our approach is centred on transparency, data minimisation, and accountability, ensuring individuals’ rights are respected and any breaches are swiftly mitigated through defined incident response protocols. This comprehensive strategy underscores our dedication to maintaining the confidentiality, integrity, and availability of personal information while aligning with both European and U.S. regulatory requirements. 


ISMS & ISO 27001 Certification

The Blackford Management System is certified to ISO 27001. Blackford first obtained certification in Jan 2023 to ISO 27001:2013, transitioning to ISO 27001:2022 in Feb 2024.
ISO 27001 is the only auditable international standard that defines the requirements of an ISMS (information security management system).

An ISMS is a systematic approach consisting of processes, technology and people that helps you protect and manage all your organisation’s information through effective risk management. At the heart of our ISO 27001-compliant Management System are business-driven risk assessments, used to identify and treat security threats. 

Securing Our Environment

Blackford takes a forward-thinking, proactive approach to IT security. Our systems are highly resilient and secured to multiple security framework standards. These include ISO 27001, UK Cyber Essentials and NIST.

To achieve a high level of security, we employ regular penetration and vulnerability testing along with scanning of our perimeter systems and external-facing services.
Our data is backed up using cloud-based resilient systems spread across multiple geographic locations.

HITRUST

In 2024 Blackford initiated a project for HITRUST R2 Certification. Gaining HITRUST certification represents Blackford’s commitment to continuous improvement, and we aim to have certification in mid-2025.

The HITRUST CSF is a comprehensive, flexible, and certifiable security and privacy framework used by organizations across multiple industries to efficiently approach regulatory compliance and risk management. Incorporating standards and regulations from various authoritative sources, such as HIPAA, NIST, ISO, and GDPR, this standard provides customers with confidence in knowing their data and confidential information are secure.


Secure Development

Blackford’s software development processes place a high importance on security, with the use of automated security tooling (SCA, SAST, DAST) and practices like Threat Modelling and regular product penetration tests.

Our AI Platform and most available third-party AI solutions can be deployed fully on premise, keeping all patient data safely within the healthcare institution. With the optional Blackford Accept / Reject Tool, clinical end users can validate AI Results in a zero-footprint viewer before they are published to PACS. For end-user authentication and authorization, the system supports federation (Single Sign On) with existing identity management infrastructure (e.g. Active Directory) via the OpenID Connect (OIDC) protocol.

Cloud Deployment of Applications

As an alternative to on-premise deployment, third-party AI applications can also be run in the cloud. This has the advantage of no additional compute resource being required locally and can enable better compute resource utilization (e.g. when fewer resources are needed out of hours).

With cloud-hosted clinical applications, the Blackford Platform still remains on premise as a connector to PACS, RIS, EMR, reporting, etc. All data transferred to the cloud for processing is first de-identified locally by the Blackford Platform so that PHI does not leave the institution. AI results received from the cloud are then re-identified locally before being made available to users.

Telemetry Dashboard

The Blackford Dashboard is a web-based, cloud-hosted support application that collects telemetry data from deployed Blackford Platform instances.

Blackford Support staff utilize it to diagnose technical problems and monitor system health. Telemetry data captures high-level processing and system information and does not contain any patient data. Dashboard sign-in for end users requires MFA. The Blackford Platform authenticates to the Dashboard using service accounts (also with MFA) and transmits telemetry data over a secured connection.

The future of Blackford ISMS

The Blackford Management System is based on the principles of continuous improvement and, in an era where digital threats are increasingly sophisticated, the team is committed to working with customers to identify those certifications, accreditations and attestations that will provide confidence in the security of Blackford’s products and your data. Our security roadmap looks out to 2027 and beyond, including considerations for SOC2, C5 and FedRAMP.
