Health and information safety
06 May 2008
Topics: Information security, ISO/IEC 27001, Healthcare
Capula Healthcare Ltd (CHL), which provides technology and process improvement services in partnership with public and independent sector healthcare providers, has achieved certification from BSI Management Systems UK to the information security management systems (ISMS) standard ISO/IEC 27001. This is the key security requirement set by NHS Connecting for Health, an agency of the Department of Health. NHS Connecting for Health is responsible for the National Programme for IT, which is "a multi-billion pound infrastructure, which will improve patient care by enabling clinicians and other NHS staff to increase their efficiency and effectiveness", according to the Connecting for Health (CfH) website (www.connectingforhealth.nhs.uk).
"CHL recognized at an early stage that the NHS and any suppliers of IT services to the NHS would need to demonstrate a full commitment to the secure management of business and patient information across the sector," explains David Gumm, business support manager at CHL.
"As an existing services provider to the NHS for Patient Administration System, CHL implemented a robust ISMS. However CHL was also aware that compliance to ISO/IEC 27001:2005 would provide an externally verified stamp of approval to our ISMS and demonstrate to our customers our commitment to the secure management of information within CHL and that of our clients. Strategically we wanted to meet the NHS Information Governance recognized 'gold standard of an ISMS - ISO/IEC 27001'. It would show CHL as a 'safe pair of hands' and provide a platform for increased business within the healthcare sector."
As part of the certification process, CHL rigorously reviewed its procedures including: identifying information assets; assessing risk and educating staff; and ensuring it was CfH Information Governance compliant.
"Certification to ISO/IEC 27001:2005 has helped significantly and given CHL increased recognition and respect for information security management within the NHS CfH Information Governance arena," says Gumm. "It makes the bid and tendering processes much easier - the standard gives credibility to our ISMS and avoids lengthy explanations of ISMS rigour. It has given us the confidence and the opportunities to compete for increased business in areas of the healthcare sector that might otherwise have been closed to us."
According to Nikki Samme, marketing communications manager for BSI Management Systems UK: "Capula Healthcare is one of a fast-growing number of organizations that have successfully achieved this standard, which encompasses everything from people to physical environment to IT systems."
"CHL believes that it will probably become a mandatory requirement for NHS IT suppliers to achieve ISO/IEC 27001 certification," adds Gumm. "Recent lapses in the security of public information have rightly resulted in rigorous investigations into information security processes and controls across the public services. The public will increasingly demand to see robust controls and standards in place to protect their confidential information."
David Wilkinson, Capula Healthcare chairman, points out that the certificate is an important development for the company: "We have achieved this due to our stringent software development procedures. By offering an independent guarantee that we have the correct processes in place to ensure data security, we can provide an even better service to our clients."
Business Standards © 2008. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.