4 minute read
Making Technology Work
Information security
Our work to protect our information assets to a consistently high standard is always high on our agenda and the past year has seen some excellent progress with maintenance of previous assurances and additions of many more layers of protection: assurance in a number of
ISO 27001 REGISTERED
This document certifies that the information security management systems of PROVIDE (CIC) 900 The Crescent, Colchester Business Park, Colchester, Essex CO4 9YQ have been assessed and approved by QMS International Ltd to the following information security management systems, standards and guidelines:ISO 27001 : 2013 The approved information security management systems apply to the following:THE PROVISION OF IT AND DATA SERVICES AT PROVIDE (CIC) HQ.
Original Approval:
Current Certificate:
Certificate Expiry:
Certificate Number: 30 January 2018
30 January 2018
29 January 2023
278342018
On behalf of QMS International Ltd
This Certificate remains valid while the holder maintains their management system in accordance with the published standard. To check the validity and status of this certificate please email certificates@qmsuk.com This Certificate is the property of QMS International Ltd and must be returned in the event of cancellation
We have maintained our Cyber Essentials Plus certification, a technical audit of our systems that has been developed by UK government and industry and aims to ensure protection against the most common forms of internet based cyber-attacks. We have maintained our ISO27001 certification for our IT services which gives internationally recognised assurance about our Information Security Management and have aligned our Child Health Information Services to work to this standard.
We have made an improved return to the Data Security & Protection Toolkit, achieving a Standards Exceeded scoring for the second year running. We have undertaken two phishing tests, helping us to both test and target training, education and awareness. Both of these tests showed good levels of awareness. We have migrated our data to a new data centre environment which has increased security and reliability. As part of a regional project we have migrated our N3 connection to the new Health and Social Care Network which is protected by NHS Secure Boundary which is a powerful tool giving perimeter security against We have migrated 100% of our desktops and laptops to Windows 10 and utilise Microsoft Advanced Threat Protection which not only helps block and detect threats but also produces a Threat & Vulnerability Management score which has consistently been low (which is good) compared to similar organisations. We have streamlined and mapped our workforce job roles to Smartcard access rights to ensure a consistent and robust approach to access to patient records and information through our main clinical system, TPP SystmOne. We have improved our record keeping standards with 59% of the record keeping standards audited having either remained the same in terms of scoring or shown an increase over last year’s audit. The Annual Data Security and Confidentiality Audit conducted across a number of Provide services showed a high-level
internet security threats areas including confidential conversations being conducted in private (100%) and confidential information being protected by appropriate technical controls (100%).
Systems, Software and Devices
The Provide Technology Team continue to embrace an ‘internet first’ policy so that we can have flexible systems that are not only accessible by Provide CIC but also by our group companies. The foundations for this shift are now in place following investment in a new data centre contract, upgrade of all devices to Windows 10, and acceptance to the NHS Digital ‘Microsoft 365 procurement’.
This work will continue during 2020-21 with the rollout of M365, a new anti-virus and encryption solution and migration to the new 0365 NHSmail tenant. The new set of objectives include migration of many of our remaining servers to the cloud and new cloud-based software. This will be complemented by our new support software which will include the ability to remotely support mobile phones.
New requirements necessitated by the COVID-19 response meant significant investment and change in a short period and has been embraced well by our services. This has included:
Widespread adoption of Microsoft Teams for virtual meetings, management and collaboration. Improved IT support for staff working outside of the office. Replacement of older laptops and issuance of laptops to many staff and teams that have previously relied on desktops. The use of video consultation tools for delivering care. New telephony and call management software for new services and service offerings. A move away from desk phones to softphones.
Health and Social Care Integration
Provide has participated in the regional project to replace N3 with the Health & Social Care Network and we have completed the migration of all our N3 sites to this new network which will make it easier and more secure to communicate with electronically with both NHS and social care colleagues.
We have also been part of the project to create a regional Health Information Exchange (HIE) that will allow health and social care partners across the Mid and South Essex Health and Care Partnership to share our records. At the time of writing, we are now able to view HIE data directly from our SystmOne records. There will be much more work happening in the coming months to ensure we make best use of this valuable data source.
