Compliance and Accreditations

Cyber Essentials

PKB has been tested against the Cyber Essentials Scheme Test Specification.

Certification date: 13th May 2025

Recommended re-assessment date: 13th May 2026

Certificate no.: 82b4c456-6b38-48dd-84c0-fe39d7c862fc

Verification: Cyber Essentials Certificate Validator.

Cyber Essentials Plus

PKB has been tested against the Cyber Essentials Scheme Test Specification.

Certification date: 26th June 2025

Recommended re-assessment date: 26th June 2026

Certificate no.: cc4b6d9t-5452-4f36-9098-ec34f5fcea1e

Verification: Cyber Essentials Certificate Validator.

ISO Standards

ISO 27001 - Information Security Management (ISMS)

Google Cloud Platform (GCP)

Our cloud hosting partner GCP is ISO 27001 certified. For full details on GCP’s compliance please see their dedicated webpage.

Download certificate

PKB

PKB is fully compliant with the ISO 27001 standard. We have implemented an Information Security Management System, and we maintain up-to-date policies, practices and documentation to support this.

Please see:

  1. PKB Information Security Management Plan EU

  2. PKB Information Security Management Plan UK

ISO 27017 - Cloud Security

Our cloud hosting partner Google Cloud Platform (GCP) is ISO 27017 certified. For full details on GCP’s compliance, please see their dedicated webpage.

ISO 27018 - Protecting PII in Public Clouds

ISO 27018 is the international standard for protecting personal information in cloud storage. Our cloud hosting partner Google Cloud Platform (GCP) is ISO 27018 certified. For full details on GCP’s compliance, please see their dedicated webpage.

ISO 27701 - Privacy Information Management

ISO/IEC 27701 is a global privacy standard that focuses on the collection and processing of personally identifiable information (PII). Our cloud hosting partner Google Cloud Platform (GCP) is ISO 27701 certified. For full details on GCP’s compliance, please see their dedicated webpage.

ISO 9001 - Quality Management System

ISO 9001 is the global standard that companies implement to help ensure the quality of products brought to market. Patients Know Best’s quality management system is detailed here. Our cloud hosting partner Google Cloud Platform (GCP) is ISO 9001 certified. For full details on GCP’s compliance, please see their dedicated webpage.


NHS Standards

DSPT - Data Security and Protection Toolkit

DTAC - Digital Technology Assessment Criteria

The Digital Technology Assessment Criteria for health and social care (DTAC) gives staff, patients and citizens confidence that the digital health tools they use meet our clinical safety, data protection, technical security, interoperability and usability and accessibility standards.

Purpose and Scope

The DTAC brings together legislation and good practice across clinical safety, data protection, technical security, interoperability and usability and accessibility standards and is designed to be used by healthcare organisations to assess suppliers at the point of procurement or as part of a due diligence process, to make sure new digital technologies meet our minimum baseline standards.

Patients Know Best (PKB) passed NHS England’s DTAC assessment in February 2022. PKB has an ongoing commitment to developing and running the platform with the required security, governance and accessibility standards for our users.

The DTAC is a living document and is reviewed periodically to ensure that the most up-to-date information is provided in relation to the five core components.

Product Overview

Patients Know Best is a Personal Health Record system. PKB facilitates borderless, integrated care. The system connects information from primary, secondary, social and mental health care providers, to create a single, unified copy of patient data accessible by patients and their carers. Patients can also upload their own data to help them self-manage their health and wellbeing. This includes a symptom tracker and uploading measurements for patients to see their trends. Organisations can choose what data to release to patients, including diagnoses, allergies, medications, dynamic care plans, test results, measurements and documents.

The PKB platform does not suggest actions to patients; it is a data store that allows patients to both see and save their data securely. Where organisations choose to, asynchronous messaging allows a patient to contact their clinical teams for shared decision making.

DTAC

PKB’s DTAC can be accessed here:

Usability and Accessibility weighted score: 85%

Supporting Documentation

Data Security and Protection Toolkit

SOC2

At Patients Know Best (PKB), the security and privacy of your data are at the core of everything we do. We understand that trust is earned, which is why we are committed to upholding the highest global standards of information security.

To demonstrate this commitment, PKB officially achieved SOC 2 Type II certification in February 2026.

What is SOC 2?

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of their clients. It is considered the gold standard for data security and privacy.

Our certification is based on the five Trust Services Criteria:

  • Security: Protecting information against unauthorised access.

  • Availability: Ensuring systems are operational and available for use as agreed.

  • Processing Integrity: Ensuring system processing is complete, valid, accurate, and authorised.

  • Confidentiality: Protecting information designated as confidential.

  • Privacy: Addressing the collection, use, retention, and disclosure of personal information.

Our SOC 2 Achievement

Following a rigorous, independent audit, PKB has been verified as SOC 2 Type II compliant.

What does this mean?

A Type II certification is more than a snapshot in time. Unlike a Type I audit, which only looks at a point-in-time design, our Type II report confirms the operational effectiveness of our security controls over an extended observation period. This comprehensive evaluation proves that our security practices are not only well-designed but are consistently followed and embedded in our culture.

Milestone reached: February 2026

After a comprehensive examination of our company’s infrastructure, software, personnel, data, and procedures, we received our final SOC 2 Type II report in February 2026. This achievement follows a significant investment of resources to ensure our systems meet and exceed the most stringent requirements in the industry.

Why This Matters

Our SOC 2 Type II certification provides you with tangible, third-party assurance:

  • Peace of Mind: You can be confident that your data is handled with the utmost care and protected by industry-leading security controls.

  • Verified Trust: An independent, third-party auditor is validating that our security practices are robust and effective.

  • Enhanced Reliability: The criteria for Availability ensure that our services will be there when you need them.

Other Compliance

NEN 7510

ODS, ICO, etc.

DCB0129 / DCB0160

© Patients Know Best, Ltd. Registered in England and Wales Number: 6517382. VAT Number: GB 944 9739 67.