Formic Solutions undergoes rigorous independent external evaluation to demonstrate its systems and processes guard against common cyber threats

Patient experience and clinical audit technology provider Formic Solutions has achieved Cyber Essentials Plus accreditation under the government-backed cyber security scheme, providing its many NHS and other customers with additional assurance that it has taken the essential precautions to ward off potential cyber threats to help protect its data and that of its customers.

Cyber Essentials is the government and industry-supported programme that is designed to enable businesses to evaluate and, where necessary, enhance their cyber security by putting their systems and processes through a set of simple yet rigorous tests. Cyber Essentials Plus certification is the highest standard on offer under the programme, and involves a set of additional tests which are then verified by an approved certifying body.

Formic’s many NHS and healthcare customers use the organisation’s solutions to capture clinical audit and patient experience data (such as via the Friends & Family Test) at scale. This data can then be turned into insight to drive healthcare quality and service improvement.

“Formic has always taken data security seriously, as we know that we deal with sensitive information on behalf of our customers. With this accreditation, Formic has further strengthened its cyber security procedures to show to our customers that we are a trusted processor of data to inform data-driven quality improvement,” said John Morley, CEO of Formic.

Formic is already ISO 27001 certified, the international specification for information security management systems. This framework uses international best practice for information risk management processes help keep information secure.

The Cyber Essentials Plus award is additional to this certification, and defines a set of controls which, when properly implemented, will provide organisations with the basic protection from the most prevalent forms of threats coming from the internet. It focuses on threats which require low levels of attacker skill, and which are widely available online.

This means it is mitigating against common attacks such as phishing, which sees a user’s computer infected after clicking on a malicious link or email, or hacking, where known vulnerabilities in internet connected servers are exploited to access information held on those servers.

To become accredited, Formic worked with an independent evaluator to show that it had the necessary technical security measures in place for its firewalls, security configuration, user access, malware protections and patch management. The award shows that it has taken important and necessary steps to protect its information and that of its customers.

With Cyber Essentials Plus and ISO 27001 certifications, Formic customers across the NHS can be sure that they are working with a company that has a robust and proven approach to cyber security to protect the data it processes on their behalf.