<p>Some messages include sensitive information like security codes or password reset links.</p>
<p>If you’re sending a message with sensitive information, you can choose to hide those details on the Notify dashboard once the message has been sent. This means that only the message recipient will be able to see that information.</p>
<p>If signing in with a text message is a problem for your team, <aclass="govuk-link govuk-link--no-visited-state"href="https://www.notifications.service.gov.uk/">contact us</a> to find out about using an email link instead.</p>
<li>formal risk assessments based on <aclass="govuk-link govuk-link--no-visited-state"href="http://www.iso.org/iso/catalogue_detail?csnumber=56742">ISO 2700:2011</a> and National Cyber Security Centre guidance</li>
<li><aclass="govuk-link govuk-link--no-visited-state"href="https://www.cesg.gov.uk/articles/check-fundamental-principles">CHECK</a>-based testing, both annually and when any major changes are made to Notify</li>
<p>You can use Notify to send messages classified as ‘OFFICIAL’ or ‘OFFICIAL-SENSITIVE’ under the <aclass="govuk-link govuk-link--no-visited-state"href="https://www.gov.uk/government/publications/government-security-classifications">Government Security Classifications</a> policy.</p>
<p>You must not use Notify to send ‘<aclass="govuk-link govuk-link--no-visited-state"href="https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/special-category-data/">special category data</a>’, as defined in the General Data Protection Regulation (GDPR).</p>
<p>The Notify team has Security Check (SC) level clearance from <aclass="govuk-link govuk-link--no-visited-state"href="https://www.gov.uk/guidance/security-vetting-and-clearance">United Kingdom Security Vetting</a> (UKSV).</p>