Printed from CheckTick DSPT Compliance Documentation
Standard Data Security Clauses (Personnel)
Scope: All employees, founders, and contractors.
1. Compliance with Security Policies
Personnel shall at all times comply with CheckTick's internal security framework, specifically the:
- Security Overview (OWASP alignment)
- Business Continuity & Disaster Recovery Policy
- Incident Response Plan
2. Technical Safeguards
Personnel agree to maintain the integrity of the platform by:
- Using strong, unique passwords and mandatory MFA for all systems (GitHub, Northflank, Google).
- Ensuring personal work devices (laptops/mobiles) utilize Full Disk Encryption (FileVault/BitLocker).
- Never storing patient-identifiable data (PII) on local unencrypted storage.
3. Mandatory Reporting
Personnel are contractually obligated to report any lost device, suspected phishing attempt, or potential data breach to the SIRO within 1 hour of discovery.
4. Training
Personnel must complete the NHS Data Security Awareness training annually. Failure to maintain training or repeated violation of security protocols may result in termination of the engagement.