Secure Email Standard Introduction for IT Suppliers 09 June 2014 Clive Star 1.



Background
- Developed to support the secure exchange of sensitive information between Health and Social Care organisations using locally managed services
- Builds on the Information Governance Toolkit organisations already complete with some additional enhancements on a few of the individual baseline controls
- Developed with a potential to step up to meet Public Sector accreditation requirements

Scope
- Standard covers health, public health & social care in England
- Under the 2012 Health Act, organisations must have "due regard" for standard
- Standard covers services for personal and sensitive data only
- Outsourced, cloud, in-house and HIS IT systems must meet service provider requirements

The Specification
- The Secure Email standard is available at:
- Contains:
  - The Information Standards Notice
  - The Specification
  - The Baseline Control Set

Principles
- Aligned to ISO
- Independent accreditation
- Supports insourced and outsourced systems
- Organisation compliance
- System/Service provider compliance
- Clinical safety approval for the service
- Organisations with Public Sector (HMG) certification do not need to accredit to this standard as well

IT Supplier Conformance
- An independently audited information security management system in relation to the service
- For services using personal or sensitive data, evidence of conformance to the secure baseline control set and pan-government or government departmental (e.g. Department of Health) security accreditation. For systems accredited prior to April 2014 this SHOULD be B-IL 3
- Clinical safety approval for the service, as per ISB 0160 Clinical Risk Management: its Application in the Deployment and Use of Health IT Systems
- Evidence of conformance to the open standards policy

Meeting the Standard
- Achieve ISO accreditation
- Achieve B-IL3 departmental or pan-governmental security accreditation
- Register with the Public Services Network (PSN) Authority, evidencing conformance to the PSN Code of Connection. Larger suppliers will need to register as a PSN Service Provider
- Implement a PSN connection
- Comply with ISB 0160 clinical safety standard
- Evidence conformance to the Open Standards Policy

Guidance
- Security accreditation is managed by CESG in accordance with HMG IA Standard Numbers 1 & 2 – Supplement Technical Risk Assessment and Risk Treatment
- A CLAS consultant (CESG Listed Adviser Scheme) can advise on accreditation
- PSN accreditation is managed by the PSN Authority
- Clinical safety guidance is available from the HSCIC
- NHSmail has published its conformance statement that can be used as a guide

Interoperability - How it will work
- Secure email will communicate via the GSi/PSN infrastructure
- All services will need to conform to pan-government standards
- The HSCIC will create and administer 3 domains:
  - – NHSmail
  - – Secure NHS systems
  - TBC – Secure care systems

Next Steps
- Register with so we can include you in future targeted
- Assess the effort to achieve B-IL3 and PSN accreditation. We estimate this is of the order of ~£50k for initial accreditation and ~£20k p.a. to retain
- Consider employing a CLAS consultant
- Implement PSN connection and (if necessary) register as a PSN Service Provider
- Engage with HSCIC to implement clinical safety standard.