EPCC awarded new data processing and storage accreditations

The Digital Economy Act (DEA) came into force in 2017 and covers issues related to electronic communications infrastructure and services. Under the Act, an organisation may become accredited for the purposes of processing data, principally with the linkage or de-identification of data, or the storage and provision of secure access to the de-identified data. EPCC is accredited for storage and provision for the National Safe Haven that it operates on behalf of Public Health Scotland.

The accreditation came after an on-site audit carried out by the Office for National Statistics (ONS),  the government appointed auditors. The audit was the culmination of several months of effort to collect and present evidence showing how EPCC defines, implements and records processes for information security. 

Overall EPCC was assessed as having 9 out of 15 security controls in a ‘mature’ status (the highest category) with the remainder being ‘good’ (the second level).  Accreditation is only given when all controls are at least ‘good’.

Achieving this accreditation complements EPCC’s existing ISO270001 certification and is an important step as it develops the Edinburgh International Data Facility and associated services.