ISO 27001 - Information Security Management
With CHARMS, all sensitive data on children and vulnerable adults is held securely in data centres in the UK which comply with the ISO27001 international standard, described by the ISO themselves as:
'ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS). It defines requirements an ISMS must meet.
The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.
Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.' - https://www.iso.org/standard/27001
CHARMS is hosted in data centres operated by a company called ANS, which is ISO27001 certified. We maintain full disaster recovery so that, even in the event of a complete failure of one of the data centres, the backup data centre takes over and the service continues - vital for the children's services environment.
Cyber threats are also now much more prevalent, and at CHARMS we renew our Cyber Essentials Plus certification in the UK on a yearly basis to ensure that your data is as safe as possible from attacks such as ransomware. The Cyber Essentials Plus certification includes a rigorous, yearly inspection of our infrastructure and an in-depth analysis of our security procedures.
With CHARMS you can also connect remote users securely and seamlessly using multi-factor authentication (MFA) and single sign-on (SSO).
All of these measures are implemented with CHARMS and we have your data covered, all the time.
CHARMS Document Store. CHARMS allows important documentation to be uploaded. These documents (any file format) can be easily accessed by anyone with the correct user permission or emailed on to anyone securely using the built-in CHARMS Portal. They would include the statement of purpose, CCTV and whistle-blowing policy, as well as all other policies and procedures.
One of the first things inspectors will want to see is evidence of the qualifications of the registered manager. CHARMS has a dedicated, built-in staff/volunteer management system.
Staff records all in one place, including:
(All files e.g. CVs are uploaded to CHARMS)
The master copy of your statement of purpose is kept in the unique CHARMS Document Store. It can be shared with all staff and third parties. When it is updated the previous version is archived and each version is dated so inspectors can see, at a glance, how up-to-date it is.
(See Appendix A – National Minimum Standards – 20, Records)
The parent(s) and child(ren) each have their own records, linked together as a family group.
The front sheet record includes:
The full history of:
(All files e.g. children’s care plans from the LA are uploaded to CHARMS)
Every event in relation to the home is recorded immediately and electronically using a PC, laptop, tablet or smartphone. These include
Children and young people can log on
Regulations: 19. Records
Outcomes: Records are clear, up-to-date and stored securely, and contribute to an understanding of the parents’ and children’s life.
20.1 The centre implements an effective policy that clarifies the purpose, format and content of information to be kept on the registered person’s files and information to be kept on the parents’ and children’s files. Records may be kept in electronic form, provided the information is capable of being reproduced in a legible form.
20.2 Staff understand the nature of records maintained and follow the centre’s policy for the keeping and retention of files, managing confidential information, and access to files (including files removed from the premises). There is a system in place to monitor the quality and adequacy of record keeping and take action when needed.
20.3 The registered person ensures there is a private and secure record for each family. Parents and children understand the nature of records maintained and where possible, read their files, correct errors and add personal statements.
20.4 Information about individuals is kept confidential and only shared with those who have a legitimate need to know the information.
20.5 Entries in records are legible, clearly expressed and non-stigmatizing; and distinguish as far as possible between fact, opinion and third party information.
20.6 The registered person works with the responsible authority to share information held in the centre’s records about the parent or child and information held in the responsible authorities’ records. The registered person provides copies of the records and documents in relation to parents and children to the responsible authority immediately, on receipt of a written or electronic request.