Nuffield Trust is dedicated to protecting all data it holds using industry best standards. It is the policy of Nuffield Trust that information assets are protected from all threats, whether internal or external, deliberate or accidental. We have achieved the ISO/IEC 27001:2013 Information Security standard.


File 10843Nuffield Trust has established an Information Security Management System (ISMS) that is compliant to the ISO/IEC 27001:2013 Information Security standard; appropriate and secure management of data is included within the scope of the ISMS. This certification validates that Nuffield Trust has implemented the internationally recognised information security controls defined in ISO/IEC 27001:2013. Specifically:

  • Risk Assessment and risk treatment
  • Information will be protected against unauthorised access
  • Confidentiality of information will be assured
  • Integrity of information will be maintained
  • Regulatory and legislative requirements will be met
  • Business Continuity plans will be produced, maintained and tested
  • Information security requirements will be communicated to all staff
  • IT systems will not be misused.

All data provided to Nuffield Trust will be processed in accordance with applicable legislation including the Data Protection Act 1998. See our Terms and conditions and Privacy policy for more information. For details of our ISO/IEC 27001:2013 certification scope please request a copy of our Information Security Policy.

Email to a friend

Your message will be:

I thought you might be interested in this page on The Nuffield Trust website.