HeadUp Labs’ Commitment to Information Security

HeadUp is GDPR compliant
Our data is stored in Europe
HeadUp meets the NHS’ Data Security and Protection Toolkit requirements, assessing performance against the National Data Guardian’s 10 data security standards. View our assessment.
HeadUp is Cyber Essentials and Cyber Essentials Plus certified

Our security stance

HeadUp can only offer the platform it does if we demonstrate the highest levels of comfort and assurance on the part of all our members in the ongoing security, integrity, and confidentiality of your information assets, across all parts of the globe.

At HeadUp, we treat the confidentiality, availability, and integrity of all sensitive information, including our award-winning app and all data stored and/or processed by our employees and any third parties we employ, as being of the highest strategic priority. Protecting this information and securing it against deliberate and accidental threats is not simply the job of IT: it is everyone’s responsibility.

Information is an extremely valuable and important personal asset that requires protection against risks that would threaten its confidentiality, integrity and/or availability. Suitable information security controls must therefore be selected and implemented. The security controls that we employ are based on the International Organization for Standardization (ISO) / IEC 27000 family of standards, which set out internationally accepted best practice and which we at HeadUp adhere to as part of our day-to-day operations and ways of working across the business.

Our Information Security Management System (ISMS)

HeadUp has established and maintains a comprehensive information security strategy to ensure the ongoing security, confidentiality, integrity, and availability of your information and to protect such information against unauthorized access.

Information security functions at HeadUp are managed by our overarching Information Security Management System (ISMS), aligned to the international ISO 27001:2013 certification standard. Our ISMS has been designed to comply with international regulatory requirements and guidelines, as well as to manage information in the most responsible, appropriate, and secure manner. Our overarching ISMS responsibilities include:

  • Assessing all our policies, procedures, and guidelines governing information security and privacy

  • Assessing, controlling, and mitigating risk, both technical and non-technical in nature

  • Threat evaluation, monitoring, coordinating mitigation and remediation plans

  • Communicating information across the business and supporting and promoting continuous improvement in our security stance

To ensure compliance with all relevant laws and regulations, as well as providing you with the greatest level of security, the validation of all security functions is deeply integrated into our company policies and procedures and is regularly evaluated by our Information Security Governance Committee (ISGC) and Security, Compliance, and Risk areas of the organisation, as well as approved and endorsed by senior management.

HeadUp concerns itself with all facets of information security, including the effective risk management of the technologies it uses. We work to ensure the ongoing confidentiality, integrity, and availability of all HeadUp information and address such fundamental practices as: account provisioning and protection, account administration, access control, identity management, security governance, standards and authoring, security architecture, department security, IT security management, standards compliance, threat and vulnerability analysis, security events monitoring, and cybersecurity incident response.

A comprehensive suite of detailed security policies has also been documented and published, focusing on specific areas of information security, including:

  • Information Security Management

  • Information Classification and Handling

  • Access Control

  • Physical and Environmental Security

  • Network Security

  • Mobile Computing and Remote Access

  • Operational Management

  • Incident Management

  • System and Process Development

  • Business Continuity Management

  • External Party Security

  • Human Resources Security 

Operating procedures to support the policy requirements have also been developed. These include:

  • Document Control

  • Policy Non-Compliance

  • Risk Management

  • Information Security Governance

  • Internal audit

  • Business Continuity Management

HeadUp Labs utilizes a broad range of modern technology solutions to meet our information security goals. Some examples of technologies in use include: anti-virus management software, secure encryption in transit and at rest, host intrusion detection, network intrusion detection, firewalls, and vulnerability scanning tools.

We are committed to providing vigilant, strategic, and proactive information security and continually strive to maintain the strictest protection for you and your data at all times.