Where and what are the boundaries of the ‘safe haven’ which are being accredited – the charter restricts the definition to the analytical platform where access to anonymised data is being given, but does not necessarily include the preceding stages (anonymisation/linking agents, etc)? The boundaries of the ‘safe haven’ should include the linkage agent etc […]

What about other standards and the controls (for example ISO9000 and ISO15489), these are equally if not more important than information security in protecting data? Addressed in the additional controls included in accreditation set

Does ISO 2700 ISMS certification get you automatic safe haven accreditation, and if not why not? The existing ISO certification should shortcut most of the work, but evidence still required and additional controls not in ISO 2700 need to be addressed