P r o v i d e
A n n u a l
R e p o r t
2 0 1 9 - 2 0 2 0
Making Technology Work ISO 27001 REGISTERED This document certifies that
the information security management
PROVIDE (CIC) 900 The Crescent, Colchester Business Park, Colchester,
systems of
Essex CO4 9YQ
have been assessed and approved by QMS International Ltd to following information security the management systems, standards and guidelines:-
ISO 27001 : 2013
Information security
The approved information security management systems apply to the following:THE PROVISION OF IT AND DATA SERVICES AT PROVIDE (CIC) HQ.
Original Approval:
Our work to protect our information assets to a consistently high standard is always high on our agenda and the past year has seen some excellent progress with maintenance of previous assurances and additions of many more layers of protection: We have maintained our Cyber Essentials Plus certification, a technical audit of our systems that has been developed by UK government and industry and aims to ensure protection against the most common forms of internet based cyber-attacks. We have maintained our ISO27001 certification for our IT services which gives internationally recognised assurance about our Information Security Management and have aligned our Child Health Information Services to work to this standard. We have made an improved return to the Data Security & Protection Toolkit, achieving a Standards Exceeded scoring for the second year running. We have undertaken two phishing tests, helping us to both test and target training, education and awareness. Both of these tests showed good levels of awareness. We have migrated our data to a new data centre environment which has increased security and reliability. As part of a regional project we have migrated our N3 connection to the new Health and Social Care Network which is protected by NHS Secure Boundary which is a powerful tool giving perimeter security against internet security threats
22
Current Certificate: Certificate Expiry:
Certificate Number:
30 January 2018 30 January 2018 29 January 2023 278342018
On behalf of QMS International
Ltd
This Certificate remains valid while the holder maintains their management system in accordance with the published standard. To check the validity and status of this certificate please email certificates@qmsuk.com This Certificate is the property of QMS International Ltd and must be returned in the event of cancellation
We have migrated 100% of our desktops and laptops to Windows 10 and utilise Microsoft Advanced Threat Protection which not only helps block and detect threats but also produces a Threat & Vulnerability Management score which has consistently been low (which is good) compared to similar organisations. We have streamlined and mapped our workforce job roles to Smartcard access rights to ensure a consistent and robust approach to access to patient records and information through our main clinical system, TPP SystmOne. We have improved our record keeping standards with 59% of the record keeping standards audited having either remained the same in terms of scoring or shown an increase over last year’s audit. The Annual Data Security and Confidentiality Audit conducted across a number of Provide services showed a high-level assurance in a number of areas including confidential conversations being conducted in private (100%) and confidential information being protected by appropriate technical controls (100%).
