Trust & Security

Built for institutional trust

CareSkillset is designed to meet the highest standards of data protection, governance, and regulatory compliance.

Security architecture

Defence in depth

Identity Management

  • Cryptographic passport signatures
  • SHA-256 data fingerprinting
  • Tamper-evident verification
  • Unique staff identifiers

Data Protection

  • Object storage encryption
  • At-rest and in-transit encryption
  • Time-limited access tokens
  • Automatic data expiry

Access Control

  • Candidate consent for all sharing
  • Read-only employer access
  • Role-based permissions
  • Session-based authentication

Audit & Governance

  • Every action logged
  • Verification audit trails
  • Access logs with timestamps
  • Regulator-grade compliance

Infrastructure

  • Cloud-native architecture
  • Horizontal scalability
  • Automated backups
  • DDoS protection

Compliance

  • GDPR compliant
  • CQC-aligned governance
  • Data residency controls
  • Right to erasure support

Audit trail

Everything is logged

Verification logs

Every certificate verification is recorded with admin identity and timestamp.

Access logs

Every employer passport view is logged with IP, duration, and requester identity.

Transfer logs

Provider-to-provider transfers maintain complete chain of custody.

Regeneration logs

Passport regeneration events tracked with data fingerprint changes.

Questions about security?

Our team is ready to discuss your compliance requirements.