Information governance and technical resource

This resource describes our approach to information governance, the technical details, and how Concentric integrates with other systems.

Contents:

• Data processing

  • Types of data processed
  • Legal basis for processing
  • Third party processors
  • Transparency and user rights
  • National data opt-out
  • Testing considerations
    
    

• Information security

  • Data flows
  • Who can access the data
  • Audit logs
  • Hosting
  • Data security at rest
  • Data security in transit
  • Data archival, retention, and disposal
  • Accreditations
  • Electronic signature
    
    

• Technical details

  • Process logging and audit logs
  • Authentication
  • Data storage and tampering
  • Secure application development practices
  • Hosting and network diagram
  • Server security
  • Data deletion
  • Resilience to failures
  • Internal identity and access management
  • Incident response process
    
    

• Integration

  • Integration touchpoints
  • Technical approaches to integration