Security and governance

EIDF services can have different security levels depending on the needs of individual data projects. These range from standard, everyday security through protected data access environments to full safe haven services. EIDF services are covered by EPCC's ISO 27001 accreditation for information security practices, and by NHS Digital's Data Security and Protection Toolkit. The National Safe Haven service is also accredited by the UK Statistics Authority as a safe haven for sensitive research data.

EIDF's approach to data security is built on three principal foundations: data protection law; the Five Safes model; and the Scottish Government Charter for Safe Havens.

EPCC's services, including EIDF, are accredited for information security and quality management in a variety of ways.

EIDF is managed in the same way as our other national services and systems at EPCC, all of which follow standard computer security practices and are covered by our ISO 9001 accreditation for service quality and ISO 27001 accreditation for information security management.

A “Safe Haven” is a particular area of EIDF that is subject to additional security measures and external information governance, within which approved users can work with particularly sensitive data such as medical or financial records, survey microdata, or other kinds of personal information. EPCC operate Safe Haven environments for a number of partners who provide the overall information governance and control.