1 / 11

Information Governance Statement of Compliance (IGSoC)

Information Governance Statement of Compliance (IGSoC). By: Nazli Durrani Information Security Lead – NHS CFH. What is it?. Introduction.

edward
Télécharger la présentation

Information Governance Statement of Compliance (IGSoC)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Governance Statement of Compliance (IGSoC) By: Nazli Durrani Information Security Lead – NHS CFH

  2. What is it? Introduction The Information Governance Statement of Compliance is the agreement between NHS Connecting for Health and Approved Service Recipients* (ASRs) that sets out the terms and conditions for use of NHS CFH services including the N3 network in order to protect the integrity of those services. The IG SoC process sets out a set of security related requirements which must be satisfied for an organisation to be able to provide assurances in respect of safeguarding the N3 and information assets which may be accessed. Do I need to complete the IGSoC? Any organisation wishing to connect directly to the N3 network to use NHS CFH digital services needs to complete the IG SoC process. One IG SoC needs to be completed per independent legal entity i.e. the N3 connection owner or if you want to procure an N3 connection. *ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.

  3. Responsibilities • The IG SoC process includes obligations for ASRs to maintain and preserve the information security principles of confidentiality, integrity, security, availability and accuracy of personal data used in the services provided to them e.g. by frequently deploying anti-virus checking software. It is therefore the responsibility of every ASR utilising these services to safeguard the information. • By requiring that ASRs achieve the information governance standards incorporated in the terms and conditions of the IG SoC, NHS CFH can help to ensure appropriate safeguards are in place to protect NHS CFH services for all users. • It is essential that those organisations sharing services with ASRs e.g. in the case of partnerships between NHS organisations (the ASR) and social care organisations work as efficiently to uphold the principles of information security. • It is the responsibility of every ASR wishing to exchange data with their business partners (by allowing that partner to access their N3 connection) to ensure their business partner has the necessary information security / governance compliance controls and activities in place and are regularly maintained. *ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.

  4. IG SoC Process Components • To become an ASR*, an organisation must satisfy each component of IG SoC process. Each component is broken down into a series of requirements / clauses. The IG SoC process varies for different organisation types… • NHS Organisations need to complete the components listed below: • : • The IG SoC Declaration* • The Information Governance Toolkit (IGT)* • NON- NHS Organisations (inc. Social Care) need to complete: • The application form (assessed by NHS CFH) • The IG SoC Declaration* • The Information Governance Toolkit (IGT)* • A Logical Connection Architecture (LCA) document (assessed by NHS CFH) • * Self assessments *ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.

  5. Total Number of IG SoC applications* *Those organisations with an existing N3 connection or have recently procured an N3 connection IG SoC Completion Progress Over 10,000 Total Number of IG SoC applications approved** ** Those organisations whom have met the required information governance standards as defined in the IG SoC circa 9000 Organisation Types whom have successfully completed the IG SoC process Acute Aggregators Mental Health Trusts Ambulance trusts Opticians Universities Hospices Strategic Health Authorities Local Authorities (12) GPs Pharmacies

  6. High level review Process

  7. Timescales • Timescales for an N3 connection are dependant upon how long it takes the organisation to reach the required standards for each of the components of the IG SoC. • An organisation to complete the IG SoC process is dependent upon i) the size of the organisation (ii) resource fuel for each IG SoC component (iii) the organisations’ information security / governance maturity • Internal NHS CFH processing of each component of the IG SoC can take up to 3 weeks • BT N3 quote a lead time of 3 months from placing the order for the N3 connection to its installation • If an organisation e.g. a council wants to access the N3 / NHS CFH digital services via an NHS organisation’s N3 connection (i.e. an indirect connection) they must approach the NHS Organisation to arrange for this access.

  8. A standard model for allowing organisations to assess their own Information security / governance arrangements and take necessary action. Allows for effective information sharing and defines responsibilities. Allows the identification and management of risk for organisations / data owners The IG SoC component requirements are aligned with theCabinet Office / Legal and Regulatory requirements Continuous Information Governance / Security Improvements for all ASRs Benefits of the IG SoC process model

  9. IG SoC Contacts • Website: • http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/igsoc • Queries: • Email: Exeter.helpdesk@nhs.net • Phone: 01392 251 289

  10. Status of work on harmonising with GoCo • Overview • NHS CFH have recently been focussing on exploring the potential for utilising GCSX as a route to N3 rather than just secure email from gcsx mailboxes to nhs.net mailboxes. This means connecting the GCSX network gateway to the N3 network gateway. Clearly it seems sensible to aim for one connection into Govt. to allow shared business processes to be improved • Progress • Research of the application processes for connectivity for GCSX & N3 • Reviews of application harmonisation for both the N3 and GCSX so that organisations do not have to complete multiple application processes for access to Govt. networks. • Research into the level of work required to get integration from both the application process and the feasibility of technical integration.

  11. Questions?

More Related