BM TRADA, part of the Element Group, has awarded ISO 27001 information security management certification to NHS Greater Manchester Shared Services (GMSS).
A partner in the health and care system, supporting GPs, Clinical Commissioning Groups and NHS Foundation Trusts in Greater Manchester, GMSS is one of the first NHS organisations to achieve this level of security certification.
GMSS has been working with BM TRADA for 18 months to achieve ISO 27001 certification. The standard specifies the requirements for an information security management system (ISMS): a framework of policies and procedures to mitigate the risk of a security breach.
The GMSS IT team worked closely with BM TRADA to identify all online and physical security risks, determine the mitigations, and establish an ISMS. ISO 27001 certification requires a focused effort to identify all potential data security risks. The process includes a detailed gap analysis, training sessions, risk assessment and two audits.
Phil Scott, IT Security Manager at GMSS, explains: “There have been a number of major data breaches in the healthcare industry, which highlighted the vulnerability of the NHS to cyber-attacks. We wanted to reassure our customers that we were committed to keeping data safe and leading the way in cyber security, so ISO 27001 certification was the clear choice.
“The last few months have truly demonstrated the value of ISO 27001. With a business continuity management system and risk assessment framework in place, we started planning for COVID-19 much earlier than most, which generated excellent results for our customers. By the time lockdown was announced, we had a process in place to act immediately. All 350 employees could work from home safely the following day and all 13,000 of our service-users continued to receive IT services and support. Businesses who needed support most urgently at this incredibly challenging time were able to continue to work seamlessly. The feedback we received from customers was overwhelmingly positive.”
Rob Veitch, EVP Fire and Building Products at Element, adds: “This is a remarkable achievement for GMSS, which is proving itself to be a leader in information security management in the healthcare industry. Becoming certified to ISO 27001 demonstrates that an organisation has been assessed at a globally-recognised standard and has assessed its risks and incorporated procedures to protect its information.
“With a significant rise in people working from home due to COVID-19, cyber security is open to more breaches than ever before. As businesses re-consider the safety of their workplaces, it is imperative that they also pay extra attention to the safety of the data that they hold.”
Covering more than just IT and cyber security, ISO 27001 certification provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS, and covers all aspects of an organisation’s information risk management process.
Using a UKAS-accredited certification body like BM TRADA ensures the ISO 27001 certification will be readily accepted by many regulators, suppliers and purchasers across the world.