NHS England Post Audit Review: Ipsos
This report provides the formal closure of the remote data sharing audit of Ipsos between 25 November and 5 December 2024.
Audit summary
Purpose
This report provides the formal closure of the remote data sharing audit of Ipsos between 25 November and 5 December 2024 against the requirements of:
- the data sharing framework contract (DSFC): CON-325063-H0M5Y-v2.02
- the data sharing agreement (DSA): DARS-NIC-663093-K1B0K-v1.5
- the organisations’ own policies, processes and procedures
Details of the datasets received under this DSA can be found in the original report here: NHS England Data Sharing Remote Audit: Ipsos - NHS England Digital
The controller is Department of Health and Social Care (DHSC) and the processors are Ipsos, Formara Limited and Txtlocal Limited.
DHSC requires NHS England data for the purpose of the Infant Feeding Survey (IFS). The IFS is a well-established survey having been run periodically since 1975. This will be the ninth wave of the survey. The principal purpose of the survey is to collect data that will provide national estimates on the incidence, prevalence and duration of breastfeeding and other feeding practices adopted by mothers during the first eight to ten months after their baby is born. The survey was a key commitment in the government’s 2019 childhood obesity plan.
DHSC has commissioned Ipsos to run the IFS. Access is required by Ipsos, on behalf of DHSC, to select the survey sample, carry out the mailing of the questionnaires and send the associated reminders. Ipsos have contracted Formara Limited and Txtlocal Limited to carry out specific processing in the form of postal mailings and SMS text messaging. The interviews during the audit were conducted through video conferencing.
Further guidance on the terms used in this post audit review report can be found in version 4 of the Data Sharing Audit Guide.
Post audit review
This post audit review comprised of a desk-based assessment of the action plan and supporting evidence supplied by Ipsos between February and March 2026.
Post audit review outcome
Based on the evidence provided by Ipsos, the Audit Team has closed all the findings. Therefore, no further action is required by the Audit Team and Ipsos.
Updated risk statement
Based on the results of this post audit review the risk statement has been reassessed against the options of Critical - High - Medium - Low.
The following table shows the risk assigned in the original audit, and the risk assigned in the post audit review.
Original risk statement: Medium
Current risk statement: Low
Data recipient’s acceptance statement
Ipsos has reviewed this report and confirmed that it is accurate.
Findings
The following tables identify the 4 agreement nonconformities, 2 organisation nonconformities, 3 observations and 1 point for follow up raised as part of the original audit.
Ipsos
| Ref | Finding | Link to area | Update | Designation | Status |
|---|---|---|---|---|---|
| 1 | A special condition outlined within the DSA with regards to the destruction of data provided by NHS England has not been met. | Data Destruction | The Audit Team received evidence to confirm that the special condition outlined within the DSA with regards to the destruction of data provided by NHS England has now been met. |
Agreement nonconformity |
Closed |
| 2 | The details of one processor listed on the DSA is incorrect. | Access Control | The details of one processor listed on the DSA are no longer applicable as an active DSA is no longer in place. For any future applications to NHS England to access data, Ipsos must ensure that all processors’ details are correct. Should any supplier details change during the project then Ipsos must notify NHS England immediately so that the DSA can be updated accordingly |
Agreement nonconformity |
Closed |
| 3. | Two processors have not been declared on the DSA | Access Control |
The details of one processor listed on the DSA are no longer applicable as an active DSA is no longer in place. For any future applications to NHS England to access data, Ipsos must ensure that all processors’ details are correct. Should any supplier details change during the project then Ipsos must notify NHS England immediately so that the DSA can be updated accordingly. It was also noted that since the original audit Ipsos have established an internal checklist to ensure that all processors are considered during the application, including backup locations of the data. |
Agreement nonconformity |
Closed |
| 4. | Three medium-rated findings identified during a security assessment performed by Ipsos were not remediated within the appropriate timescale, in line with Ipsos policy. | Access Control |
The Audit Team received evidence to confirm that these findings were rectified after the close of the original audit. |
Organisation nonconformity |
Closed |
| 5. | Ipsos have not completed a Vendor Onboard questionnaire or a Vendor-IT Security Context Question Table for one processor | Access Control | As this processor is no longer used by Ipsos, this finding is no longer applicable. The Audit Team received evidence to confirm that Ipsos have subsequently completed all relevant onboarding documentation for one processor. |
Organisation nonconformity |
No longer applicable |
| 6. | One processor advised the Audit Team that they do not provide any data destruction receipt subsequent to data destruction. | Data Destruction | As this processor is no longer used by Ipsos, this finding is no longer applicable. Ipsos will ensure that in future all suppliers used to store data provided by NHSE England can provide suitable proof of deletion. |
Observation |
No longer applicable |
| 7. | A certificate of destruction must be provided to the Data Access Service (DAS) when the data that currently resides within all storage locations is destroyed | Data Destruction |
The Audit Team received evidence to confirm that the data was successfully destroyed in 2024, and a certificate of destruction was provided to DAS. |
Observation | Closed |
| 8. | At the post audit review, the Audit Team will receive an update on the specific outputs that are outlined within section 5c of the DSA. The Audit Team was informed that Ipsos will begin to write the report in January 2025 and publication is expected later in 2025. | Use and Benefits | The Audit Team received updates on the specific outputs that are outlined within section 5c of the DSA. Publication is now expected by June 2026. |
Follow-up |
Closed |
Formara Limited
| Ref | Finding | Link to area | Update | Designation | Status |
|---|---|---|---|---|---|
| 1 | The server being used to store data provided by NHS England is approaching end-of-support. | Access Control | The Audit Team received evidence from Formara Limited to confirm that the server being used to store data is running on an up-to-date and fully supported Operating System. |
Observation |
Closed |
Txtlocal Limited
| Ref | Finding | Link to area | Update | Designation | Status |
|---|---|---|---|---|---|
| 1 | Txtlocal Limited have not completed their annual DSPT submission. | Access Control | As this processor is no longer used by Ipsos, this finding is no longer applicable. |
Agreement nonconformity |
No longer applicable |
Disclaimer
NHS England takes all reasonable care to ensure that this audit report is fair and accurate but cannot accept any liability to any person or organisation, including any third party, for any loss or damage suffered or costs incurred by it arising out of, or in connection with, the use of this report, however such loss or damage is caused. NHS England cannot accept liability for loss occasioned to any person or organisation, including any third party, acting or refraining from acting as a result of any information contained in this report.
Last edited: 29 May 2026 2:07 pm