ISO Alignment

Alignment with ISO 27001 – Information Security Management

The Well at Work Project (WAWP) applies appropriate technical and organisational measures to protect the confidentiality, integrity, and availability of information processed through the platform.

This includes:

Access control

Role-based access is applied across systems. Managers can access Level 1 DSE assessment outcomes for their own teams only. Specialist assessment data is restricted to authorised professionals.

Data minimisation and purpose limitation

Level 1 DSE assessments are limited to screening and risk identification. Clinical or specialist assessment data is intentionally excluded from the platform.

Secure storage

Platform data is hosted using secure, reputable systems with appropriate contractual data protection safeguards in place. Specialist assessment records are stored separately within secure medical records systems.

Secure data transfer

Specialist assessment reports are shared with designated managers via password-protected PDF, with passwords issued separately.

Incident management

Procedures are in place to identify, assess, record, and respond to information security incidents and personal data breaches, including escalation to the ICO where legally required.

Governance leading practices

WAWP maintains a privacy notice, data retention policy, breach response process, and Data Protection Impact Assessment (DPIA) to support accountable data processing.

Alignment with ISO 45001 – Occupational Health & Safety Management

WAWP supports organisations to identify, assess, and manage Display Screen Equipment (DSE) risks in a structured and proportionate way.

This includes:

Risk identification

Level 1 DSE assessments are used to identify workstation and work environment risks and to flag potential issues requiring action or escalation.

Risk escalation and control

Clear escalation pathways exist from Level 1 screening to Level 2 and Level 3 specialist DSE assessments where required.

Competence and professional boundaries

Specialist assessments are delivered by appropriately qualified professionals, with clear boundaries between ergonomic assessment, wellbeing advice, and medical diagnosis.

Documentation and traceability

Assessments and recommendations are documented, allowing organisations to demonstrate suitable and sufficient DSE risk management.

Continuous improvement

Aggregated and anonymised data may be used to identify trends, inform training, and support ongoing workplace wellbeing strategies.

Summary

The Well at Work Platform has been designed to align with the principles of ISO 27001 and ISO 45001 through proportionate, risk-based controls appropriate to the services provided. This approach supports robust information security, effective health and safety risk management, and regulatory compliance without unnecessary complexity.

Further documentation can be provided on request as part of due diligence or procurement processes.