A stylised acorn site icon


Security & Governance

Security and standards compliance are key to Acorn

The Acorn Clinical Case Management System is built on the Salesforce Force.com platform; approved for the GOV.UK Digital Marketplace. It is widely used for the processing of NHS information, meaning you can be sure that your data is safe, with industry leading security provisions that satisfy the most demanding standards.

The Acorn system is certified by, compliant with, or adheres to the industry recognised standards set out below.

ISO Certifications

Acorn’s compliance with the key ISO Standards relating to information and system security has been independently verified, and all certificates are available on request

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is an information security standard that ensures office sites, development centres, support centres and data centres are securely managed.

ISO/IEC 27017:2015

ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending cloud-specific information security controls.

ISO/IEC 27018:2019

ISO/IEC 27018:2019 covers privacy protections for the processing of personal information by cloud service providers.

UK NHS Accreditations


The NHS Data Security and Protection Toolkit provides companies with the resources to measure their performance against the UK National Data Guardian’s 10 data security standards.
The system is rated as "Standards Exceeded"


Acorn processes data in accordance with the NHS's DCB0129 clinical risk management standard, which providers of health IT systems and apps used within the NHS are required to comply with.

The DCB0129 standard is governed by NHS Digital and compliance is mandatory under the Health and Social care Act 2012. We maintain up-to-date documentation to evidence that the system has been established and maintained to mitigate risk. These documents can be supplied to any potential partner interested in deploying Acorn in support of NHS Commissions.

Other Related Features

Cyber Essentials Plus

Developed as part of the UK's National Cyber Security Programme. This scheme is mandatory for the UK central government contracts that involve handling personal data.

MFA Support

Multi-Factor Authentication is a mandatory requirement for any user logging into the Acorn Case Management system. An added layer of security protecting your data.

UK Datacentre

All your data is hosted in a PCI compliant UK Datacentre, supported by rigorous physical security, including 24-hr manned security, biometric access, and environmental control.

Single Sign On

Acorn can be configured to trust a third-party identity provider to authenticate users, allowing them to login once in the morning and access all permitted systems seamlessly.

User Self Service

Users have the ability to reset their own passwords if they forget them, reducing downtime and helping to relieve the burden on support staff and the service desk.

GDPR Compliant

Acorn supports your journey towards GDPR compliance by providing the tools to allow you to be transparent and accountable for your use of your patients personal data.

Audit Trail

Acorn records all changes to records in a detailed audit trail, allowing admins to see who changed what and when. A complete history of every login is also provided.

Data Segregation

Choose who see what data in the Acorn system - keep data private, or allow users to see all data, or anything in between. Acorn makes it easy to partition your data.

Data Export & Backup​

Acorn provides the ability to automatically backup and export your data on a regular basis. Although you should never need to restore it, having a backup is essential.