ISO 27001 OFFERS A SECURE CHOICE FOR NHS ORGANIZATION
CASE STUDY
THE PROJECT
In 2019, Phil Scott, IT Security Manager at NHS Greater Manchester Shared Services (GMSS), and his team began working towards ISO 27001 certification with BM TRADA. The certification was awarded in mid-June 2020, by which time the benefits of the process were clear to see.
THE CHALLENGE
When the global pandemic hit the UK in March 2020, millions of people were ordered to work from home, including all GMSS employees. With a significant rise in people working remotely, cyber security would be threatened, which is a serious issue for data safety. Working as a partner in the health and care system, GMSS customers include GPs, NHS Foundation Trusts and Clinical Commissioning Groups, so data protection is an area of significant concern for their clients. The team at GMSS needed to consider not just its employees but also the 13,000 service-users through its clients.
THE SOLUTION
Fortunately, Phil’s team had spent months working with BM TRADA on ISO 27001 certification in order to offer the highest level of security. An information security management system (ISMS) outlines a framework of policies and procedures to mitigate the risk of a security breach. ISO 27001 certification provides a model for establishing, implementing and operating an ISMS, as well as monitoring, reviewing, maintaining and improving it. It covers not just IT security, but all aspects of an organization’s information risk management process.
By the start of 2020, GMSS had a business continuity management system and risk assessment framework in place, which meant they started planning for COVID-19 much earlier than most. At the end of February – when people were just starting to talk about a potential epidemic – the team at GMSS undertook a tabletop exercise to see what would happen if there was an outbreak in the UK and if there were infections in their offices. This outlined the weaknesses that they needed to address, resulting in 13 learnings to consider, such as increasing remote access capacity. As a result, they anticipated some of these potential problems and dealt with them in advance.
THE RESULTS
By the time the Prime Minister announced that everyone should stay home, GMSS had a process in place to act immediately.
All 350 GMSS employees were able to work from home safely the following day.
2,300 laptops deployed between March and June.
Increased capacity from 2,000 concurrent users to 10,000.
Businesses that needed support most urgently could continue to work seamlessly.
“We knew ISO 27001 certification would make us leaders in our field, but we didn’t realize what a difference it would make as we faced a global pandemic. Our staff and customers could work from home quickly and easily, while other parts of the health care system were struggling months later. Feedback from customers was overwhelmingly positive, boosting team morale at an incredibly difficult time.”
Phil Scott, IT Security Manager, NHS Greater Manchester Shared Services
Element is one of the fastest growing testing, inspection, certification and calibration businesses in the world. Globally we have over 7,000 brilliant minds operating from 200 sites across more than 30 countries. Together we share an ambitious purpose to ‘Make tomorrow safer than today’.
To find out more contact: cert.admin@bmtrada.com +44 1494 569 750
bmtrada.com