Digital Research Environment

Corporate Governance


Information lies at the heart of Aridhia’s business and, second to our staff, it is our most important asset. Our reputation is based on how we handle information and are seen to do so by our clients.

Aridhia Informatics Ltd. operates under a range of UK and European Laws, associated codes of practice and international standards. Taken together these provide us with a robust governance framework for information management. Not only does Aridhia work with anonymised data, but we also have a range of privacy enhancing technologies, physical security measures, data agreements, contracts of employment, Standard Operating Procedures and audit measures in place.

Physical Security

Aridhia uses infrastructure housed in a tier three Data Centre. This Data Centre meets the full requirements for managing and storing sensitive personal data and security measures are regularly reviewed and audited.


Aridhia is fully committed to ‘Privacy by Design’, whereby privacy compliance is designed into those systems holding information from the outset, rather than a bolt-on at a later date. The result is that security and privacy become essential components of the core functionality being delivered.

Data Agreements

We have detailed arrangements with each of our clients who are data owners which clearly describe our approach to protecting patient identifiable data and the way we will operate to achieve this.

Privacy Enhancing Technologies

Aridhia offers anonymisation services in relation to data being introduced to the Aridhia DRE platform. Data sent from clinical datasets into research datasets within the platform are always split in a way that maximises data confidentiality. Researchers can only access key datasets via the use of robust, industry standard security systems. This ensures we always know where, when and by whom data is used.

Contracts of Employment

All Aridhia employees have employment contracts which require them to abide by the highest standards of confidentiality and security. They are also required to confirm on an ongoing basis that they understand their responsibilities in relation to the safe information handling. Aridhia employees in relevant roles are required to undertake basic disclosure under Disclosure Scotland.


Aridhia Data Scientists and Aridhia DRE consultants have completed training on MRC Good Research Practice and MRC Research Data and Confidentiality courses exploring the concepts of confidentiality and data protection and aiming to provide users with a framework and tools to interpret the requirements for research with confidence.

International Standards

Information should be captured once, at the point of care. This ensures high levels of data quality and reduces the burden of information collection on health services. Confidentiality, security and clinical safety are paramount when using clinical information systems. Organisations such International Standards Organisation (ISO), the World Health Organisation and Governments across the globe provide standards in each of these areas.

Our preference wherever possible is to use international technical, data and information standards rather than national and local ones. We believe that using international standards facilitates greater interoperability, allow information to flow more freely and enable data to be created once and used multiple times.