Leading organisations trust Hurdle with health data

Superdrug, Eurofins, Bayer, Biosure, TUI, Unilab

Keeping data secure, every step of the way

Privacy and security are the foundations of our platform and built into every step.

  • Only you and your patients can access health data
  • Full control over who you share data with
  • Labs receive only anonymous barcodes and the minimum of personal information as required by law
  • Fully GDPR-compliant flows

We obsessively prioritise compliance standards

GDPR Compliant

Hurdle is GDPR compliant, securely working with data from companies around the world.

SOC 2 Compliant

Hurdle has completed a SOC 2 audit against the AICPA Service Organization Control Trust Services Principles, Criteria, and Illustrations for Security, Availability and Confidentiality.

HIPAA Compliant

For organisations that need to move PII data, Hurdle is HIPAA compliant.

Cyber Essentials Certified

The Cyber Essentials Certification is a pledge to our customers that we are constantly working to secure all our technology against a possible cyber-attack. It demonstrates that we take cyber security seriously and use measures to protect and maintain our systems and processes.

ISO 27001 Certified

Hurdle has been awarded the ISO 27001 certification after meeting the stringent requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS).

ISO/IEC 17021-1 Accredited

ISO 17021 sets out the requirements for certification bodies that audit and certify management systems, including competence, consistency, and impartiality.

Security

Enterprise-grade data security

  • Encryption everywhere – all data is encrypted in transit and at rest using industry standards (TLS minimum 1.2 and AES-256)
  • Identity and access management with multi-factor authentication
  • Regular point-in-time backups of all data
  • Complete segregation of environments
  • Access is controlled based on least privilege and reviewed regularly

Robust and secure software

  • Regular penetration tests conducted by independent 3rd parties (report available upon signing NDA)
  • Adoption of a secure software development life cycle, which includes automated static code analysis, code review and best practices
  • Continuous monitoring of vulnerabilities with clear remediation processes and SLAs

Privacy

Dedication to privacy

  • We will never share your data with anyone else without your explicit consent
  • Compliant with UK/EU GDPR and HIPAA
  • Processes in place to respond to any subject access requests (view, correct, delete and port your data)
  • Data retention policies in place

A focus on resilience and availability

  • Platform is designed for high availability and implemented in multiple availability zones with high uptime
  • 24×7 monitoring of availability, security and performance, with an on-call engineering team to respond to and resolve any incidents
  • Continual incremental data backups
  • Disaster recovery and business continuity plan in place and tested regularly
