From 15th June 2022 the ISG will no longer support the browser you are using, Internet Explorer. Please switch to its successor Microsoft Edge or Google Chrome for a compatible experience. For more information please see:
IE11 End of Support - Microsoft
Register a new account
Register with your Microsoft Account
I confirm that I have read and agree to the Information Sharing Gateway
Privacy and Cookies
This Privacy Notice tells you what to expect when the Information Sharing Gateway collects personal information.
This Privacy Notice tells you what to expect when the Information Sharing Gateway (the “ISG”) collects personal information. Providing details on why we hold and process your personal information and your choices, and how to exercise your rights
Our contact details
Name: Information Sharing Gateway
What type of information we have
We currently collect and process the following information:
Personal identifiers such as first name, last name
Contacts information organisation address, work email address and telephone numbers
Internet protocol (IP address)
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
When registering on the platform
Corresponding with us via post, phone or email
Sign up to newsletters, updates and registration as part of the ISG community.
We also receive personal information indirectly, from the following sources in the following scenarios:
Where individual organisations are part of a Super Administration Group where a lead organisation supports administration and registering organisations and their staff
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(f) We have a legitimate interest.
What we do with the information we have
We use the information that you have given us in order to
To provide you with access to the ISG
To support contract and licensing agreements for ISG
To administer and protect ISG (including troubleshooting, data analysis, testing system maintenance, support reporting and hosting of data)
To ensure information security, which includes preventing unauthorised access to ISG
To provide updates and newsletters about ISG and its development either by email or through ISG on-line community
To manage your preferences for notifications within ISG
Users accessing the ISG will have visibility of other users’ email addresses, user roles and organisation details to support collaboration and the management of sharing activities within the ISG.
Where organisation’s are part of Super Administration Group, this information will be accessible to Super administrators to support an organisation with their management of ISG.
Other than other users accessing the ISG, your personal data will not ordinarily be shared with any other individual or any other organisation.
When you sign up to our mailing lists, we do not pass your email address to any third parties. You are only subscribed to the list you have signed up for and are not subscribed to any other lists.
If you do not wish to receive any information from us, please let us know at the point you first contact us or by emailing
If you already receive correspondence from the Information Sharing Gateway and no longer want to, please email
. We will remove your details from any tools or products and will stop any communications updates.
How we store your information
Your information is securely stored on University Hospitals of Morecambe Bay NHS Foundation Trust’s Microsoft Azure data centre. Please see security statement for more detailed information.
We do not make international transfers of data. We do not use information for profiling or automated decision making.
We will only retain your personal information for as long as necessary to fulfil the purposes we collect it for, such as the duration of your organisations contract with ISG. When the data is no longer required, the data can be returned to the originating organisation or deleted securely. If a specific format is required, this must be discussed with the System Support to ensure that if it feasible. The data will be transferred securely and with sent and received receipts. Once receipt is confirmed the personal data will be deleted.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your data protection rights
Under data protection law, you have rights including:
Your right of access
- You have the right to ask us for copies of your personal information.
Your right to rectification
- You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure
- You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
- You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing
- You have the the right to object to the processing of your personal data in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at ISG Development Team at
, if you wish to make a request. The Data Protection Officer responsible for the service can be contacted through this route.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of cookies through the browser settings. To find out more about cookies, including how to see what have been set and how to manage and delete them, visit www.allaboutcookies.org .
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at Data.Officer@mbht.nhs.uk
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
Our privacy notice only relates to information that we obtain from you. If you visit a website operated by a third party through a link included on this website your information may be used differently by the operator of the linked website. When you are moving to another site you are advised to read the privacy notice relating to that website.
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.
The Information Sharing Gateway is a web-based application that is hosted and supported by University Hospitals of Morecambe Bay NHS Foundation Trust (UHMB) (‘Support Service’).
The Web Application is hosted in UHMB Microsoft Azure instance. Microsoft Azure datacentres comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. To comply with GDPR, the Information Sharing Gateway app is hosted within the MS Azure UK South Data Centre.
Microsoft datacentres have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacentre floor. Full details found here: globally distributed data centre infrastructure summarised as:
Datacentre access request and approval process
Facility’s perimeter security
Building entrance security
Inside the building security pass system
Data centre floor – full body metal detector system
CCTV monitoring & body security scan
Database and Data
The database and data are hosted in the University Hospitals of Morecambe Bay data centre is managed with the same high standards as the Acute Hospitals internal systems, protected by intruder alarms and fire suppression systems.
Equipment is housed in a controlled, secure environment, that is monitored for temperature, humidity, power supply quality and is protected from power supply failures.
Access to the UHMB Data Centre is limited to authorised personnel only
Access to the UHMB Data Centre is via Swipe Card
All access to the UHMB Data Centre is audited
Regular internal audits and risk assessments
Annual 3rd Party IT Health Checks as a minimum
CCTV in the building and at the entrances.
All data in transit (between the ISG website and the UHMB Data Centre) uses AES 256 Encryption
Connection to the ISG web application uses HTTPS (Hypertext Transfer Protocol Secure)
Access to the system is via individual username and user set passwords and approval to access is either managed by individual organisations system administration or via super administration groups working on behalf of other organisations
Access to the platform is limited to ISG Support Team for activities required to support clients' use of the system
UHMB has security protocols in place to support infrastructure management, backup and disaster recovery arrangements and is assured by the Trust completing the NHS Digital Data Security and Protection Toolkit
Support services follow strict formal change management processes for any changes to the production environment, system and configuration.
Audits are kept of access attempts to the system and changes to some data records within the system.
Information Sharing Gateway Terms & Conditions
It is your responsibility to ensure that you understand and comply with these terms and conditions of use.
If you have any questions about these terms, you should contact the Information Sharing Gateway Administration Team at firstname.lastname@example.org
2. General information about the Information Sharing Gateway
The Information Sharing Gateway has been provided to aid registered organisations with their responsibilities when sharing information with other organisations and by using the system, this is the sole purpose for which users are permitted to use the system (the “Permitted Purpose”).
The Information Sharing Gateway must be used in compliance with all relevant laws, regulations, and guidelines, and at no point does it supersede them.
The Information Sharing Gateway Administration Team reserves the right to withdraw, suspend or limit user access in the case of suspected misuse, inappropriate use, or breach of these terms.
You agree that you will:
not provide, or otherwise make available, the system in any form, in whole or in part, to any person without prior written consent from the Information Sharing Gateway Administration Team
not commercially exploit or otherwise allow or re-sell access to the system to any other third party;
not copy, merge, adapt, vary, alter or modify, the whole, or any part of the system;
not use the system to identify individuals or groups of organisations to target for commercial gain or other activities unconnected with the Permitted Purpose, either on your behalf or on that of a third party;
only use the system for the Permitted Purpose.
4. Acceptable Use Policy
not use the system in any unlawful manner, for any unlawful purpose, or in any manner inconsistent with these terms, or act fraudulently or maliciously, for example, by hacking into or inserting malicious code, such as viruses, or harmful data, into the system or any operating system;
not infringe any intellectual property rights in relation to your use of the system;
not transmit any material that is defamatory, offensive, or otherwise objectionable in relation to your use of the system;
not use the system in a way that could damage, disable, overburden, impair or compromise the system or security or interfere with other users;
not collect or harvest any information or data from the system;
not attempt to disguise your identity or that of your organisation;
not attempt to interfere with the technical components, both hardware and software, of the system in any way;
when setting up your user account, identify yourself honestly, accurately, and completely;
ensure your password and answers to your security questions for the system are always kept confidential and secure, and contact the Administration Team if you become aware of any unauthorised access to your Information Sharing Gateway account;.
only access the Information Sharing Gateway with your own username and password and never share your access credentials with others;
never input your Information Sharing Gateway password into any other website, and you will never be asked for your Information Sharing Gateway password e.g., by phone or email. You must not divulge this information to anyone, even if asked.
All communication and material you send through the Information Sharing Gateway is assumed to be official correspondence from you acting in your official capacity on behalf of your organisation.
You must familiarise yourself with the Information Sharing Gateway security and privacy statements, as well as the systems guidance documents if required.
It is your responsibility to check that you are engaging with the correct recipient, as there may be more than one organisation with a similar name using the service or registered with the ICO.
Content of the Information Sharing Gateway may be admissible as evidence in a court of law and agreements may be classified as legal documents. An organisation’s content within the Information Sharing Gateway may also need to be disclosed under the Freedom of Information Act 2000, the UK GDPR, and the Data Protection Act 2018.
It is your responsibility to make sure that your details in the system are correct and up to date.
You have no intellectual property rights in, or to, the system or any information or data held in the system, other than the right to access and use them in accordance with these terms for the Permitted Purpose.
5. Breach of these terms
The Information Sharing Gateway Administration Team reserves the right to withdraw, suspend or limit user access at any time and in particular in the case of suspected misuse, inappropriate use, or breach of these terms.
6. Governing Law and Jurisdiction
These terms shall be governed by and construed in accordance with the law of England, and the courts of England shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this agreement or its subject matter.