is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Health and information safety
06 May 2008
Topics: Information security, ISO/IEC 27001, Healthcare
Capula Healthcare Ltd (CHL), which provides technology and process improvement services in partnership with public and independent sector healthcare providers, has achieved certification from BSI Management Systems UK to the information security management systems (ISMS) standard ISO/IEC 27001. This is the key security requirement set by NHS Connecting for Health, an agency of the Department of Health. NHS Connecting for Health is responsible for The National Programme for IT, which is "a multi-billion pound infrastructure, which will improve patient care by enabling clinicians and other NHS staff to increase their efficiency and effectiveness", according to the Connecting for Health (CfH) website (www.connectingforhealth.nhs.uk).
"CHL recognized at an early stage that the NHS and any suppliers of IT services to the NHS would need to demonstrate a full commitment to the secure management of business and patient information across the sector," explains David Gumm, business support manager at CHL.
"As an existing services provider to the NHS for Patient Administration System, CHL implemented a robust ISMS. However CHL was also aware that compliance to ISO/IEC 27001:2005 would provide an externally verified stamp of approval to our ISMS and demonstrate to our customers our commitment to the secure management of information within CHL and that of our clients. Strategically we wanted to meet the NHS Information Governance recognized 'gold standard of an ISMS - ISO/IEC 27001'. It would show CHL as a 'safe pair of hands' and provide a platform for increased business within the healthcare sector."
As part of the certification process, CHL rigorously reviewed its procedures including: identifying information assets; assessing risk and educating staff; and ensuring it was CfH Information Governance compliant.
"Certification to ISO/IEC 27001:2005 has helped significantly and given CHL increased recognition and respect for information security management within the NHS CfH Information Governance arena," says Gumm. "It makes the bid and tendering processes much easier - the standard gives credibility to our ISMS and avoids lengthy explanations of ISMS rigour. It has given us the confidence and the opportunities to compete for increased business in areas of the healthcare sector that might otherwise have been closed to us."
According to Nikki Samme, marketing communications manager for BSI Management Systems UK: "Capula Healthcare is one of a fast-growing number of organizations that have successfully achieved this standard, which encompasses everything from people to physical environment to IT systems."
"CHL believes that it will probably become a mandatory requirement for NHS IT suppliers to achieve ISO/IEC 27001 certification," adds Gumm. "Recent lapses in the security of public information has rightly resulted in rigorous investigations into information security processes and controls across the public services. The public will increasingly demand to see robust controls and standards in place to protect their confidential information."
David Wilkinson, Capula Healthcare chairman, points out that the certificate is an important development for the company: "We have achieved this due to our stringent software development procedures. By offering an independent guarantee that we have the correct processes in place to ensure data security, we can provide an even better service to our clients."
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.
OCS, an international facilities services group based in the UK, has achieved triple certification to ISO 9001 Quality management, ISO 14001 Environmental management/ and BS OHSAS 18001 Health and safety management with BSI.
Integra ICT Hits environmental high
Integra ICT, the Bedfordshire-based telecoms provider, has achieved certification to ISO 14001 Environmental management from BSI.
Rising waters: revising PAS 1188
For those living in areas that are prone to flooding, having the right protection resources available is essential. While images of emergency sandbags holding back rivers of water may fill the media, there is a much wider range of products available for flood protection.
Question: Can standards really help minimize the need for regulation?
Regulation and legislation keep business on a level playing field and help mitigate against risk, as was acknowledged by The Hampton Review in 2005.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
