We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Bitsight - Vulnerability Management Service: GDPR information
For administrative purposes, Participating Trusts nominate an individual(s) to act as the main point of contact (PoC) for External Vulnerability Scanning. Nominated individual(s) will receive a BitSight user account.
|How we use the information (processing activities)||BitSight provides a non-intrusive risk-based vulnerability scorecard based on publicly available information sources. This tool provides a “vulnerability credit” rating for each NHS Organisation.|
|Does this contain sensitive (special category) data such as health information?||No|
|Who are recipients of this data?||
|Is data transferred outside the UK?||Outside EAA|
|How long the data is kept||24 months|
|Our lawful basis for holding this data||Legal obligation|
|How can you withdraw your consent?||
Consent is not the basis for processing
|Is the data subject to decisions made solely by computers? (automated decision making)||No|
|Where does this data come from?||The Data is collated by Bitsight servers primarily based in America, However as this data is obtained by Bitsight Services, via the open source internet, and collated by them, they are the data owners, not NHS Digital|
|The legal basis for collecting this data||