News

Prioritising information security at the UK LLC

By Katharine Evans, Governance & Policy Manager

23rd May 2022

Enjoying information security surprises me. My PhD and subsequent research focused on evolutionary biology, but a move to Australia tempted me to try wider roles at the Menzies School of Health Research, including a stint with their Kidney Health Team. Fast forward a couple of years and I took up the position of Research Manager at the UK Renal Registry in Bristol.

While at the Renal Registry I was lured into information governance and realised that I really liked the jigsaw-like challenge of lining up NHS data permissions to help our statisticians monitor and research the health of the many thousands of people with kidney disease.

When I saw the job advert for the UK LLC I knew I had to apply – this project was attempting data linkage on a scale I had never imagined possible and it looked like a very worthwhile challenge. However, with it being such a new and fast evolving project, my exact role wasn’t defined until a few weeks in and it came as a slight surprise that I was to lead on getting the UK LLC certified both to the ISO 27001 Information Security Standard and the UK Digital Economy Act.

I am absolutely behind this – the contributing studies and their participants are trusting us with the management of their data: it is vital that we aim to implement gold standard security and governance standards.

Andy Boyd, UK LLC Director, assured me that it wouldn’t take long to get to grips with ISO 27001 language. He was right! After I’d been on a multi-day course and immersed myself fully in it – with the help of Hannah, our Information Security Officer and insights from the ISO programmes at the ALSPAC cohort and SAIL databank – we quickly assembled a list of policies, procedures and other documents that we needed to produce. The wider UK LLC team were instrumental in helping develop these.

Everyone in the team understands the importance of the UK LLC looking after people’s data to the highest standards and have tirelessly and patiently worked with us to achieve the many deadlines we have imposed on them.

It’s been worth all the hard work – just recently we passed our ISO 27001 stage 1 audit and look forward to going for our full certification at stage 2. The next challenge is to get everything in place for DEA accreditation.

The UK LLC is an ambitious, fast paced project, staffed by a highly skilled and committed group of people. It’s really exciting and I’m happy to be a part of it. I envisage the UK LLC resource going from strength to strength and establishing its place in the wider UK research landscape.