What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We acquired the Florence application in November 2020 and Evalian® was already the data protection officer for that. We had up until then done this work in-house but decided that we needed similar support with data protection for the ART application as the work was becoming more burdensome and complicated.
We also had ISO 27001 certification in place for both applications but we wanted to amalgamate them into one and gain an organisational-level certification. However, we decided this was quite a large project that we needed outside help with and we were delighted to learn that Evalian provides this service as well. We started that work in August 2021 and received Group certification in December 2021.
Please describe the reasons you decided to work with us. We had already done a lot regarding policies and procedures but didn’t have that expert knowledge internally. I liked what Evalian® were doing with Florence, and after getting to know our Evalian® data protection consultants (Phil and Dan) and then meeting Evalian’s ISO consultant Chris, I felt confident in the services and level of support they were providing us with. I liked their pragmatic approach.
Did you have any expectations going into the process? It was important to me that for the ISO combination project we would try to minimize duplication of work as much as possible given that we already had an ISO certification for each platform. I was very happy with how Chris S worked and his practical approach, for example, he would tell us “you don’t need to repeat that”, or advise us that it was fine to stick with a certain format. I also wasn’t sure about all the technical and legal requirements, and Evalian® really helped with that level of support.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? On the data protection side, we learned a lot throughout the process of working with Evalian®. After having our scoping calls, the team were able to tell us which areas needed to be developed further and the areas that could be left until a little later on.
The ISO certification was a bigger project generally, we shared everything we had with our Evalian® consultants and then had weekly calls during which we reviewed progress and agreed on next week’s tasks for both sides.
What changes did you make as a result of working with us? Through working with Evalian®, we have been able to educate our employees more in terms of data protection. There is definitely an improved awareness overall about what policies need to be in place and how to go about that. From an ISO perspective, Evalian® has taught us a lot about how to manage the ongoing maintenance of documents internally.
What has been the most significant achievement for your business facilitated by using our services? Two things. One was we managed to get ISO 27001 certified as a group. Two, we were in a much better place for the NHS DTAC requirement, which is a new NHS X criteria for commissioning digital health technologies. Given the nature of our business, it’s something that was very important for us.
What impact has the results from working with us had on your clients/stakeholders? It gives us more confidence knowing that we can send documentation to our consultants to look over from a legal point of view and get their advice and confirmation quickly, without having to go and read up on it myself and feeling unsure.
What do you hope to achieve in your future working relationship with us? We are looking at other aspects that we can work with Evalian® on. At the moment we are really happy with the progress we have made with Evalian’s support.