Key details

Amplitude takes the security of the data it processes, on behalf of our customers, extremely seriously. As such, we have deployed the highest security features in our software.


NHS data is hosted over the secure HSCN network (formally, the N3 network). Data from all organisations is hosted on Azure; Microsoft’s Cloud hosting solution, a secure cloud network. Azure offers the very highest levels of security.


In all cases, the transmitting of data between the client browser and the Azure cloud infrastructure is handled via HTTPS, ensuring the encrypted transmission of data at all times.


Redcentric is Amplitude’s hosted cloud provider, presenting HSCN connectivity to the Azure cloud platform.


Annual independent penetration testing at the application level is carried out to ensure a strong security posture. Amplitude Clinical engaged with Citation Cyber to assess the overall security posture of their environment.


Based on Amplitude Clinical’s risk profile, primary security concerns and the vulnerabilities identified at the point of the engagement, Mitigate Cyber found that overall, the security of the Amplitude systems was found to be excellent.


The next testing is now scheduled for mid-2024.


Amplitude carries out regular Disaster Recovery tests to ensure system failover between Microsoft Azure datacentres is working effectively and systems can be restored as quickly as possible during a disaster. The last test was run in August 2023 without issue. The next set of tests is scheduled for the end of 2024.

Azure and Redcentric Certifications


Azure - ISO IEC 27018 - 2019 Certificate

Azure – ISO 27001 – Information Security Management

Azure – ISO 27018 – Management System For Protection of PII In Public Clouds Acting As PII Processors

Redcentric – ISO 22301 – Business Continuity Management

Redcentric – ISO 27001 – Information Security Management

Redcentric – ISO 9001 – Quality Management System

Redcentric – ISO 14001 – Environmental Management System

Redcentric – ISO 20000 – IT Service Management

Amplitude-specific documentation


Example Usage and Data Policy

Example Registry Caldicott Guardian Letter

Example Registry Data Request Form

Example Registry User Guide

Example Registry Website Privacy Policy