Governance and Security

The relationship between the DaSH Steering Committee and wider Research Governance structures, both locally and nationally, demonstrates the wider regulatory and compliance context that DaSH operates within. Information Security requirements are one aspect of this environment; compliance with research ethics and data protection legislation is also necessary.


Audits

In addition to accreditation via the Scottish Safe Haven Charter, DaSH undergoes independent ISO27001 accreditation. ISO27001 is the world's best-known standard for information security management systems (ISMS). Conformity with ISO27001 means that DaSH has put in place a system to manage risks related to the security of the data it processes, and that this system follows the best practices and principles for establishing, implementing, maintaining and continually improving an ISMS.

DaSH was first ISO27001 accredited in April 2019, and was successfully re-certified in April 2022. The next full certification is scheduled for March 2025. Annual surveillance audits occur between full recertifications. DaSH also undergoes an annual internal audit, which adheres to ISO27001 standards and is separate from the external audit.