Data security & regulatory compliance

Our combination of the latest technology with a rigorous procedural approach enables us to be confident that your data is always reliably collected, accurate and secure.

We ensure that our products, services and client requirements comply with any appropriate national and international statute, law and guidelines. These include Data Protection and Privacy, Good Practices Regulation, Title 21 of the Code of Federal Regulations, and meeting regulatory guidelines on Medical Device Reporting and Medical Device Databases.

The British Standards Institution (BSI) a respected, globally recognised organisation with over 100 years of expertise is our ‘Notified Body’ and provides us with rigorous regulatory and quality management reviews and product certifications.

In the UK, the Medicines and Healthcare products Regulatory Agency (MHRA) is our ‘Regulatory Authority’, responsible by law for safeguarding public health by ensuring that healthcare products and medical equipment meet appropriate standards of safety, quality, performance, effectiveness and are used safely.

Data security

Security is a major concern for all studies. As an ISO 27001 certified company, Cambridge Cognition always ensures the highest levels of data security. All CANTAB® study data is synchronised between devices and centralised through secure cloud servers.

ISO 27001 Information security management

Adopting best practices to protect the integrity, confidentiality and availability of data to ensure organisation-wide protection. 

Data transmission is secured using financial and healthcare industry standard techniques for encryption. Data is automatically sent with error-detection checks to ensure integrity on arrival. Our software performs further checks to ensure data transmission is complete before the encrypted local copies are deleted. 

We keep data secure by:

  • Encrypting data at rest
  • Using HTTPS encryption for all data transfers
  • Only permitting authorised users access to study data
  • Secure servers in HIPAA/GDPR compliant private cloud
Our applications are independently security tested annually against both third party penetration and authorised user abuse. Our HIPAA/GDPR compliant data centre and office locations use both passive and active security monitoring tools to ensure maximum data security.

Cambridge Cognition and our platforms have been audited by the Medicines and Healthcare products Regulatory Agency and British Standards Institute, as well as external audits arranged by our customers.


Our Quality Management System (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction, aligned with our strategic direction.
It is expressed as the organisational structure and goals, policies, processes, documented information and resources needed to implement and maintain it. It is a reflection of what our organisation does, how it is done and how it is managed.

We are committed to ensuring our products, services and staff meet the requirements of the following international standards:

ISO 9001 – Quality management

The provision of computerised cognitive testing systems and consultancy for academic research, pharmaceutical and healthcare customers, including associated training, technical support and data processing services.

ISO 13485 – Medical devices – Quality management system

Design and development of computerised cognitive testing systems for use in clinical assessment by healthcare professionals.

Technical validation

We use the latest technologies to ensure outstanding performance, scalability, and resilience. Our cloud products are always kept up to date with our latest software innovations using an agile software development methodology with automated software updates to all systems, CANTAB ConnectTM guarantees software version consistency across multiple sites globally.

Our software development is completed in compliance with GAMP 5 guidance and our products are compliant with 21 CFR Part 11 and EU Annex 11. All software updates are reviewed prior to release, with validation documentation ensuring traceability from user story to test case results.

Our recommended hardware systems are tested using robotic tools to ensure that cognitive latency measures are accurately captured, ensuring test-retest reliability for all reaction-time measurements. Every new model we recommend has been rigorously assessed and validated for use.

For more information on our data security, quality management or technical validation processes, please complete the form below to get in touch.

Scroll to Top