9 May 2018 – UKCloud Health today announced its preparedness for the forthcoming NHS Data Security and Protection (DSP) Toolkit. This new framework, which replaces the NHS’s long-established Information Governance (IG) Toolkit, assesses whether healthcare providers are fully meeting their statutory obligations on information security and data protection, the latter in accordance with the imminent EU General Data Protection Regulation (GDPR). It will apply to NHS Providers, Clinical Commissioning Groups, General Practices, Local Authorities and Social Care Providers, and also includes any third-party suppliers who manage or process data on their behalf.
Focusing on three key areas of leadership obligations – people, processes and technology – the new DSP Toolkit will ensure more comprehensive protection for healthcare IT systems and the sensitive personal data which they process. The DSP Toolkit requires commitments to GDPR compliance, the provision of data security and protection training to staff, prompt action on security advisories, the reporting of security incidents and the removal of unsupported IT systems, amongst others.
For healthcare organisations who use third-party suppliers, each of these will need to be assessed against a framework of certifications, including ISO27001:2013 (from a UKAS accredited organisation), Cyber Essentials and Cyber Essentials Plus, or that their services are available through the UK Government’s Digital Marketplace. UKCloud Health is pleased to confirm that it already meets all these requirements, which supports its provision of easy to use, sovereign assured cloud services for healthcare communities.
John Godwin, Director of Compliance & Information Assurance at UKCloud Health commented: “As part of the current refresh of information security standards and data protection frameworks, it’s reassuring to note that the NHS is also updating its existing IG Toolkit to reflect current regulations and best practice. With vulnerabilities and threats evolving faster than ever before, it’s essential that healthcare organisations, and their supply chain, can demonstrate that they are delivering the highest possible levels of data security and privacy for patient information if they are to earn and retain the trust of citizens”.
Godwin continued: “UKCloud Health is recognised for its no-compromise approach to robust data security and technical resilience, which has enabled us to build a significant portfolio of healthcare customers and partners. Our ability to demonstrate our competencies and supporting security controls is essential in helping them to select credible cloud services, which meet the requirements of both the new DSP Toolkit and the imminent General Data Protection Regulation”.