NHS IG Toolkit compliance is rapidly becoming a differentiator when the NHS is reviewing tenders. So, is your organisation planning to submit the IG Toolkit by the end of this financial year?
I have recently worked with a number of clients who have to prove compliance with the IG Toolkit in order to be able to provide services to the NHS. Whilst their primary motivation is to win new business, my clients have also gained additional business benefits which are discussed below.
Why are NHS suppliers required to connect to the N3 Connecting to Health?
NHS N3 Connecting for Health provides a secure network infrastructure that has vastly improved how patient information is stored, accessed and transferred.
An organisation must fulfil a number of requirements and demonstrate a certain level of compliance to be able to connect to the NHS N3 network. This demonstration of compliance provides the NHS with a level of assurance that organisations accessing, processing or storing Patient Identifiable Data are serious about their information security. Even if you do not require a physical N3 connection, the NHS will expect you to reach the same standard of information security in order to continue your business with the NHS. Failure to achieve this level of compliance can result in losing business with the NHS.
Organisations that usually pursue N3 connections are Business Partners ( hospitals, independent treatment sector, pharmacies, opticians, dentists) and Commercial Third Parties (IT service providers, medical equipment suppliers and similar).
Compliance with the IG Toolkit
The IG Toolkit is based on the ISO27001 standard. Commercial Third Parties (CTPs) and Business Partners (BP) need to meet a number of information security requirements. Each of the N3 requirements have 4 levels against which to assess your organisation. Level 2 is the minimum compliance to achieve an N3 connection. Connecting for Health expects you to continue the journey from Level 2 compliance to Level 3 compliance effectively an ISO27001 compliance.
IG Toolkit compliance offers additional business benefits:
- Credibility and confidence
- Demonstrates to stakeholders that the company has taken necessary precautions to minimise the risks
- Assurance to customers – their data is safe with you and can be transferred securely
- Improved business operations
The smaller companies (fewer than 20 employees) I have worked with have heard about the IT Governance N3 FastTrack Consultancy Service and this is how they got in touch. They have contacted us after discovering that for a fixed cost they can save a lot of time. Complying with the IG Toolkit is demanding due to the evidence required for meeting the requirements.
Of course, bigger companies also see the benefits from using N3 consultancy service, as for them this means saving time and resources, which usually cost them more than consultancy fees.
The CTPs I’ve worked with have found the latest and full NHS N3 Information Governance IG Toolkit V10 very beneficial. As I already mentioned, CTPs are required to provide evidence and a lot of this evidence is in the form of policies and procedures. The NHS N3 Information Governance IG Toolkit V10 contains all the documents that you will need to complete and put into operation if you are to meet the 17 CTP requirements and achieve IG Toolkit v10 Compliance. It is easy to use and is appropriate for any CTP company.