Operose Health has successfully passed an independent audit confirming the organisation meets internationally recognised standards for keeping information safe and well-managed.
The ISO/IEC 27001 audit examined how Operose Health - one of the largest and leading providers of primary care in England - protects patient information, manages sensitive data, and maintains clear governance processes. This includes across the services it delivers to over 700,000 registered patients, at 82 locations, such as GP surgeries and urgent care centres.
Notably, by achieving this prestigious and important audit mark, it confirms Operose Health's systems are exceeding the requirements typically expected within the NHS. This reflects the ongoing work of teams to ensure that patient information is handled safely, securely and responsibly.
The assessment highlighted many strengths across the organisation's systems, processes and staff, including:
- Strong adherence to core policies and procedures, with staff showing a clear and consistent understanding of processes
- Key internal controls operating effectively, reducing the likelihood of errors, non‑compliance, or fraud
- Documentation well organised, complete, and easy to access and trace
- Clear evidence of continuous improvement, with several processes showing measurable progress since the previous audit
- Strong staff engagement and cooperation, with teams providing information quickly and clearly with a proactive approach
- Effective leadership oversight, demonstrated through regular monitoring, reporting, and strategic alignment with organisational goals.
Kathleen Bailey, Director of Quality Assurance at Operose Health, said:
''We are delighted to see this result which shows the strong systems we have in place to protect patient information and manage data securely across our practices and central teams, at a time when cyber threats are increasing and continuing to evolve.
''The audit confirmed that our standards go above and beyond those typically expected within the NHS, thanks to the fantastic efforts of our colleagues across the organisation.
''The review looked at how we identify and manage risks, and the day-to-day work of our dedicated frontline and back-office teams who help to maintain consistent standards for the patients and communities we serve.''