Presentation is loading. Please wait.

Presentation is loading. Please wait.

The session will commence at Please mute your microphone

Published byNeil Ball Modified over 5 years ago

Similar presentations

Presentation on theme: "The session will commence at Please mute your microphone"— Presentation transcript:

1 The session will commence at 12.30 Please mute your microphone
Data Security and Protection Toolkit Welcome The session will commence at 12.30 Please mute your microphone Presented by: David Ingham and John Hodson, NHS Digital

2 What we are doing currently
Prototype system made available to over 250 volunteers. Ongoing development. 1:1 testing and user research ongoing. Developing content and guidance. Working with key bodies (ICO, NCSC, CQC, NHS England etc.).

3 Update The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

4 New requirements in DSPT
Leaders and board members receive suitable data security and protection training. Organisations undertake process reviews to identify and improve processes which have caused breaches or near misses. Organisations must act on CareCERT alerts and notifications. Organisations must complete a specific business continuity test for data security. Organisations must survey their software for unsupported systems. Organisations must ensure all networking components have had their default passwords changed. Large organisations must ensure their web applications are secure against top 10 vulnerabilities. Large organisations must undertake a penetration test annually. Large organisations must flag any suppliers with significant issues complying with the NDG standards to NHS Digital.

5 FAQs SIRI tool being updated to GDPR breach reporting tool and NIS directive for applicable organisations ready for May 2018. Current Toolkit will stay in read-only format. October baseline submission for large organisations. Publication will be at summary level not detailed. Training requirement largely unchanged. Ability to chose “Secondary sectors” to be developed

6 Getting started… Transition will begin late February 2018 (prioritise sites who have completed 14.1). Initially, registration will be by invitation. The first registered user for your organisation will set up any subsequent users.

7 Care Quality Commission (CQC)
CQC well led inspections will include data security, we are testing approaches currently. The focus so far has been on how boards gain data security assurance Data security is wider than cyber. Use information from DSPT and wider intelligence to set the prompts for the inspection.

8 Communications Webinars (both general and sector specific).
Getting started guide. Presentation for IG leads to use on what’s changing (need some volunteers). Interested to know, what additional communications would you find useful?

9 Data Security and Protection Toolkit Plan

10 Demonstration

11 Questions?

12

Download ppt "The session will commence at Please mute your microphone"

Similar presentations

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
NHS Staff Survey and CQC Regulation - NHS Staff Survey - Regulatory process and the Quality and Risk xx Profiles (QRPs) x Elizabeth Spragg March 2011.

NHS Staff Survey and CQC Regulation - NHS Staff Survey - Regulatory process and the Quality and Risk xx Profiles (QRPs) x Elizabeth Spragg March 2011.
1 Understanding CQC registration Summer 2012. 2 Introduction to CQC.

1 Understanding CQC registration Summer Introduction to CQC.
Family Assessment Service Engagement Event 21 st August 2013 NWCE-9A3GPK.

Family Assessment Service Engagement Event 21 st August 2013 NWCE-9A3GPK.
1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.

1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.
National Data Guardian Report on Information Sharing in Health and Care Webinar:- Wednesday 20 July 2016 Chair Stephen Elgar IGA.

National Data Guardian Report on Information Sharing in Health and Care Webinar:- Wednesday 20 July 2016 Chair Stephen Elgar IGA.
Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s.

Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s.
Records Management Code of Practice - a discussion with the project team Information Governance Alliance 25 March 2016 Chair Suzanne Lea, IGA.

Records Management Code of Practice - a discussion with the project team Information Governance Alliance 25 March 2016 Chair Suzanne Lea, IGA.
Safe Digital Transformation

Safe Digital Transformation
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
The Quality Surveillance Team / Programme

The Quality Surveillance Team / Programme
National Stroke Audit Rehabilitation Services 2016

National Stroke Audit Rehabilitation Services 2016
Integration, cooperation and partnerships

Integration, cooperation and partnerships
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
IS YOUR ORGANISATION’S INFORMATION SECURE?

IS YOUR ORGANISATION’S INFORMATION SECURE?
New CMS Emergency Preparedness Rule

New CMS Emergency Preparedness Rule
SIGNs Chairs Meeting – 14th December 2016

SIGNs Chairs Meeting – 14th December 2016
Tailored Dispensing Service (TDS)

Tailored Dispensing Service (TDS)
Road Manager Module National Heavy Vehicle Regulator

Road Manager Module National Heavy Vehicle Regulator
General Data Protection Regulations and the IoT

General Data Protection Regulations and the IoT

Similar presentations

Ads by Google