Key details

Amplitude takes the security of the data it processes, on behalf of our customers, extremely seriously. As such, we have deployed the highest levels of security features in our software.


NHS data is hosted over the secure HSCN network (formally, the N3 network). Data from all organisations is hosted on Azure; Microsoft’s Cloud hosting solution, a secure cloud network. Azure offers the very highest levels of security.


In all cases, the transmitting of data between the client browser and the Azure cloud infrastructure is handled via HTTPS, ensuring the encrypted transmission of data at all times.


Redcentric is Amplitude’s hosted cloud provider, presenting HSCN connectivity to the Azure cloud platform.


Annual independent penetration testing at the application level is carried out to ensure a strong security posture. Amplitude Clinical engaged with Mitigate Cyber in order to assess the overall security posture of their environment.


Based on Amplitude Clinical’s risk profile, primary security concerns and the vulnerabilities identified at the point of the engagement, Mitigate Cyber found that overall, the security of the Amplitude systems was found to be excellent.


The next testing is now scheduled for 2023/24.

Azure and Redcentric Certifications


Azure – ISO 27001 – Information Security Management

Azure – ISO 27018 – Management System For Protection of PII In Public Clouds Acting As PII Processors

Redcentric – ISO 22301 – Business Continuity Management

Redcentric – ISO 27001 – Information Security Management

Redcentric – ISO 9001 – Quality Management System

Redcentric – ISO 14001 – Environmental Management System

Redcentric – ISO 20000 – IT Service Management

Amplitude-specific documentation


Example Usage and Data Policy

Example Registry Caldicott Guardian Letter

Example Registry Data Request Form

Example Registry User Guide

Example Registry Website Privacy Policy