<p>Some messages include sensitive information like security codes or password reset links.</p>
<p>If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
<p>If signing in with a text message is a problem for your team, <ahref="https://www.notifications.service.gov.uk/">contact us</a> to find out about using an email link instead.</p>
<h2class="heading-medium">How we manage risks on Notify</h2>
<p>Things we do to manage risks on Notify include:</p>
<ulclass="list list-bullet">
<li>formal risk assessments based on <ahref="http://www.iso.org/iso/catalogue_detail?csnumber=56742">ISO 2700:2011</a> and National Cyber Security Centre guidance</li>
<li><ahref="https://www.cesg.gov.uk/articles/check-fundamental-principles">CHECK</a>-based testing, both annually and when any major changes are made to Notify</li>
<li>residual risk statement preparation and active management of the risk treatment plan</li>
<li>regular updates to the Privacy Impact Assessment</li>
<p>You can use Notify to send messages classified as ‘OFFICIAL’ or ‘OFFICIAL-SENSITIVE’ under the <ahref="https://www.gov.uk/government/publications/government-security-classifications">Government Security Classifications</a> policy.</p>
<p>You must not use Notify to send ‘<ahref="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/">special category data</a>’, as defined in the General Data Protection Regulation (GDPR).</p>
<p>The Notify team has Security Check (SC) level clearance from <ahref="https://www.gov.uk/guidance/security-vetting-and-clearance">United Kingdom Security Vetting</a> (UKSV).</p>