Security and data protection

We take security seriously at Sealed Envelope. All our systems are built with security considerations as the number one priority.

Our systems are hosted in a fully audited Rackspace data-centre in the UK. Rackspace provide world class data-centres with multiple certifications including ISO 27001:2005 (Information Security) and 9001:2008 (Quality Management). Reliability of our services is excellent - we constantly monitor our servers and are alerted of any downtime. You can view our uptime live.

All data is instantly mirrored to another server located elsewhere in the UK so that even in the event of a natural disaster we will be able to recover our services quickly. All databases are also backed up daily and kept for 30 days.

All connections to our web applications are accessed via encrypted HTTPS connections using Transport Layer Security (TLS). TLS is an industry-standard way of passing sensitive information between computers. It is often used, for instance, for online banking or to securely transfer credit card numbers across the Internet.

Logical security is built into all our applications through role based permissions. Detailed audit trails (log files) are kept for each trial and available for download from within the relevant application.

Sealed Envelope are registered as a data controller with the Information Commissioner's Office (ICO) and inspected by the MHRA, the UK clinical trials regulator.


We do not allow unencrypted patient names or addresses to be stored on our web servers. Identifiers such as date of birth, initials and local hospital number are sufficient to identify patients locally. On randomisation a unique patient serial number is generated that can be used on subsequent trial paperwork and for linking databases.