Information governance statement of compliance igsoc
Download
1 / 11

- PowerPoint PPT Presentation


  • 223 Views
  • Updated On :

Information Governance Statement of Compliance (IGSoC). By: Nazli Durrani Information Security Lead – NHS CFH. What is it?. Introduction.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - edward


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Information governance statement of compliance igsoc l.jpg

Information Governance Statement of Compliance (IGSoC)

By: Nazli Durrani

Information Security Lead – NHS CFH


Introduction l.jpg

What is it?

Introduction

The Information Governance Statement of Compliance is the agreement between NHS Connecting for Health and Approved Service Recipients* (ASRs) that sets out the terms and conditions for use of NHS CFH services including the N3 network in order to protect the integrity of those services. The IG SoC process sets out a set of security related requirements which must be satisfied for an organisation to be able to provide assurances in respect of safeguarding the N3 and information assets which may be accessed.

Do I need to complete the IGSoC?

Any organisation wishing to connect directly to the N3 network to use NHS CFH digital services needs to complete the IG SoC process. One IG SoC needs to be completed per independent legal entity i.e. the N3 connection owner or if you want to procure an N3 connection.

*ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.


Responsibilities l.jpg
Responsibilities

  • The IG SoC process includes obligations for ASRs to maintain and preserve the information security principles of confidentiality, integrity, security, availability and accuracy of personal data used in the services provided to them e.g. by frequently deploying anti-virus checking software.

    It is therefore the responsibility of every ASR utilising these services to safeguard the information.

  • By requiring that ASRs achieve the information governance standards incorporated in the terms and conditions of the IG SoC, NHS CFH can help to ensure appropriate safeguards are in place to protect NHS CFH services for all users.

  • It is essential that those organisations sharing services with ASRs e.g. in the case of partnerships between NHS organisations (the ASR) and social care organisations work as efficiently to uphold the principles of information security.

  • It is the responsibility of every ASR wishing to exchange data with their business partners (by allowing that partner to access their N3 connection) to ensure their business partner has the necessary information security / governance compliance controls and activities in place and are regularly maintained.

*ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.


Ig soc process components l.jpg
IG SoC Process Components

  • To become an ASR*, an organisation must satisfy each component of IG SoC process. Each component is broken down into a series of requirements / clauses. The IG SoC process varies for different organisation types…

  • NHS Organisations need to complete the components listed below:

  • :

    • The IG SoC Declaration*

    • The Information Governance Toolkit (IGT)*

  • NON- NHS Organisations (inc. Social Care) need to complete:

    • The application form (assessed by NHS CFH)

    • The IG SoC Declaration*

    • The Information Governance Toolkit (IGT)*

    • A Logical Connection Architecture (LCA) document (assessed by NHS CFH)

  • * Self assessments

*ASR – Those organisations directly connected to the N3 network (the N3 connection owner) and being recipients of NHS CFH services e.g. Choose & Book, NHS Mail etc.


Ig soc completion progress l.jpg

Total Number of IG SoC applications*

*Those organisations with an existing N3 connection or have recently procured an N3 connection

IG SoC Completion Progress

Over 10,000

Total Number of IG SoC applications approved**

** Those organisations whom have met the required information governance standards as defined in the IG SoC

circa 9000

Organisation Types whom have successfully completed

the IG SoC process

Acute

Aggregators

Mental Health Trusts

Ambulance trusts

Opticians

Universities

Hospices

Strategic Health Authorities

Local Authorities (12)

GPs

Pharmacies



Timescales l.jpg
Timescales

  • Timescales for an N3 connection are dependant upon how long it takes the organisation to reach the required standards for each of the components of the IG SoC.

  • An organisation to complete the IG SoC process is dependent upon i) the size of the organisation (ii) resource fuel for each IG SoC component (iii) the organisations’ information security / governance maturity

  • Internal NHS CFH processing of each component of the IG SoC can take up to 3 weeks

  • BT N3 quote a lead time of 3 months from placing the order for the N3 connection to its installation

  • If an organisation e.g. a council wants to access the N3 /

    NHS CFH digital services via an NHS organisation’s N3 connection

    (i.e. an indirect connection) they must approach the NHS Organisation

    to arrange for this access.


Benefits of the ig soc process model l.jpg

A standard model for allowing organisations to assess their own Information security / governance arrangements and take necessary action. Allows for effective information sharing and defines responsibilities.

Allows the identification and management of risk for organisations / data owners

The IG SoC component requirements are aligned with theCabinet Office / Legal and Regulatory requirements

Continuous Information Governance / Security Improvements for all ASRs

Benefits of the IG SoC process model


Ig soc contacts l.jpg
IG SoC Contacts their own Information security / governance arrangements and take necessary action. Allows for effective information sharing and defines responsibilities.

  • Website:

  • http://www.connectingforhealth.nhs.uk/systemsandservices/infogov/igsoc

  • Queries:

  • Email: [email protected]

  • Phone: 01392 251 289


Status of work on harmonising with goco l.jpg
Status of work on harmonising with GoCo their own Information security / governance arrangements and take necessary action. Allows for effective information sharing and defines responsibilities.

  • Overview

  • NHS CFH have recently been focussing on exploring the potential for utilising GCSX as a route to N3 rather than just secure email from gcsx mailboxes to nhs.net mailboxes. This means connecting the GCSX network gateway to the N3 network gateway. Clearly it seems sensible to aim for one connection into Govt. to allow shared business processes to be improved

  • Progress

  • Research of the application processes for connectivity for GCSX & N3

  • Reviews of application harmonisation for both the N3 and GCSX so that organisations do not have to complete multiple application processes for access to Govt. networks.

  • Research into the level of work required to get integration from both the application process and the feasibility of technical integration.


Questions l.jpg
Questions? their own Information security / governance arrangements and take necessary action. Allows for effective information sharing and defines responsibilities.


ad