Ely, England, 28 March 2012 – Alan Calder, Chief Executive of IT Governance, is calling for NHS staff to receive more thorough information security and IT governance training.
Calder says: ‘We all know the NHS needs to maximise efficiency to use limited budgets as productively as possible. Improved training around the ISO27001 security management standard for NHS information governance practitioners would, for example, mean these staff would be better able to assess the level of ISO27001 compliance of their supply chains at the earliest possible point, ultimately saving time and money. There are growing concerns within NHS trusts about how much reliance can be placed on supply chain information assurance arrangements. If errors are made by suppliers in self-assessment forms, wrongly claiming ISO27001 compliance, and those errors are not quickly identified by well-informed NHS staff, there might even be a need for the NHS to later commission supply chain information security audits.’
Calder continues: ‘Staff, sadly, are too often the weakest link in the information security chain and, therefore, need to be properly trained. Yes, training has cost implications, but the cost is a worthwhile investment. Training staff to manage information security should be a high priority because of the delicate nature of the data handled by the NHS. Any organisation that compromises client data will suffer major reputational damage. Properly trained and qualified ISO27001 practitioners are able to determine exactly what weight to put on a claim of compliance or certification.’
With ISO27001 compliance being so important, yet expert support being so hard to find, Calder says IT Governance is committed to providing the training the NHS needs. ‘We offer an extensive range of scheduled information security training courses, from a foundation level up to the requirements of ISO27001 lead implementers and auditors, but we are equally happy to deliver tailored, in-house training to meet the exact requirements of individual NHS trusts.’
Calder points out that members of the NHS supply chain itself also need to improve their performance and take greater responsibility for compliance. The IG Toolkit, for example, is the online system that allows NHS organisations and partners to assess themselves against Department of Health information governance policies and standards. Calder says: ‘We have developed our NHS N3/IG Toolkit Connecting for Health Consultancy service to ensure staff and systems meet the standards required for full ISO27001 and information security compliance. We can, therefore, not only help NHS staff themselves with training, but also their private sector partners with consultancy.’
Calder concludes: ‘Inefficient IT security also puts the NHS N3 broadband network at real risk of cyberattack. One vulnerable trust could be the gateway to the entire N3 network being compromised, with severe consequences for patients and staff.’