Information security and data

Nuffield Trust is dedicated to protecting all data it holds using industry best practices. It is the policy of Nuffield Trust that information assets are protected from all threats, whether internal or external, deliberate or accidental.

We have achieved the ISO/IEC 27001:2022 Information Security standard. The scope of our certification covers all IT systems and Microdata utilised as part of our research activities. This certification validates that Nuffield Trust has implemented an Information Security Management System (ISMS) that conforms to the the internationally recognised ISO/IEC 27001:2022 standard. Specifically:

• Risk assessment and risk treatment
• Information will be protected against unauthorised access
• Confidentiality of information will be assured
• Integrity of information will be maintained
• Regulatory and legislative requirements will be met
• Business continuity plans will be produced, maintained and tested
• Information security requirements will be communicated to all staff
• IT systems will not be misused.

Data provided to the Nuffield Trust will be processed in accordance with all applicable privacy and data protection legislation. See our Terms and conditions and Privacy notice for more information. For details of our ISO/IEC 27001:2022 certification scope please contact our Information Governance Officer.