Close Button
Home / About Us / Governance /

Information Security

Information Security

At Benenden Hospital we take the security of your information as seriously as you do.



Our promise to you

  • We’re committed to maintaining the security of your information as a patient, a visitor or a staff member
  • We strive to uphold and comply with the laws, regulations, statutory requirements and standards that govern the security and protection of data and information
  • We aim to be transparent in the services we provide and the information we process in order to deliver quality healthcare

How we keep your information safe

We’ll ensure that:

  • Your information is protected against unauthorised access, changes, destruction or loss
  • Your information is kept confidential
  • The information we hold about you is accurate and reliable
  • Your information is made available to you, if you request it
  • We uphold all regulatory and legislative requirements
  • We produce, maintain and test our business continuity plans
  • Information security training and awareness will be available to all staff
  • Our suppliers, partners and any other third parties who work with, or for us, will be required - through a Service Level Agreement - to comply with our governance policies
  • Our information security requirements are aligned with our organisational strategies and objectives
  • We continuously and systematically review and improve the Information Security Management System (ISMS)

To find out more about how we collect, use and store your data, please view our Privacy Notice.

How is information security managed at Benenden Hospital?

We’re governed by our own policies, and by various legislative acts, such as the Health & Social Care Act, the Data Protection Act, and the Computer Misuse Act. We uphold these acts through our polices and in the delivery of our products and services.

We have a full-time Information Security Officer, who has responsibility for information security and data protection and is registered with the Information Commissioners Office as a data controller. If you have a complaint or concern about the security of your information, you should contact them by post at:

Information Security Officer, Benenden Hospital Trust, Goddard’s Green Road, Benenden, Cranbrook, Kent TN17 4AX.

By email at DataProtectionOfficer@benenden.org.uk or by phone on 01580 857415.

Our ICO registration number is Z729839X.

Staff training in information security

All our staff undergo annual information governance training and awareness on information security and data protection requirements to ensure that they understand the latest governance requirements.

Our certifications

In 2021 we achieved certification in Cyber Essentials Plus which is a Government backed scheme and involves an independent, technical audit of our systems and controls to ensure our hospital is guarded against cyber attack. Cyber Essentials Plus demonstrates our commitment to cyber security and to the security of the patient data we hold.

The certification must be renewed annually, and Benenden Hospital’s most recent renewal audit was in December 2023.

Cyber Essentials Plus

What can I do to protect myself and my personal information?

1. Create a strong and unique password

It’s important that you choose login details that are difficult for others to guess, and which are unique for each site you register on. Use a combination of uppercase and lowercase letters, numbers and special characters, and avoid common phrases or words, your date of birth or any other information which is easy for someone else to guess or find out.

2. Protect your identity online

Limit what personal details you share online, especially on social media or discussion forums.

3. Keep your device’s software up to date

Whichever device you use online, make sure that you keep its operating system up to date. You can set up your device to automatically receive updates via the internet. It’s also important to install the latest version of your web browser from your browser provider’s website.

4. Install anti-virus software

Anti-virus software helps protect you and your information. Viruses can steal personal information, take over your computer or attack other people’s machines. Make sure to update the anti-virus application on a regular basis.

5. Be aware of fake websites and emails

Criminals use fake websites and emails to trick people into giving away their passwords and other personal information. If you receive an email that looks like it comes from us, but you’re unsure, please call us on 01580 363158. Never enter your personal details, email address or password if requested to on any email. A genuine secure email never asks for your email credentials.

Further information and advice on staying safe online is available from the Cyber Aware website.