
Expert Advice Community

Guest

Information Security Governance In Health Services

Guest
Guest user Created:   Jul 22, 2017 Last commented:   Jul 22, 2017

Information Security Governance In Health Services

May I seek your opinions about key steps to take to implement IG Toolkit for a Healthcare organization in the UK?

Expert
Rhand Leal Jul 22, 2017

I would appreciate your invaluable inputs as soon as possible because I have to make a presentation on this program in a few days.

Answer: From the Information Governance Toolkit site (https://www.igt.hscic.gov.uk/), I assume you are referring to the requirements for Health and Social Care Information Centre, which cover requirements for: Information Governance Management, Confidentiality and Data Protection Assurance, Information Security Assurance, Clinical Information Assurance, and Corporate Information Assurance.

Considering the definitions provided in the "About The IG Toolkit" document (https://www.igt.hscic.gov.uk/resources/About%20the%20IG%20Toolkit.pdf), I understand the implementation of the information governance toolkit can follow the same general steps used for an ISO 27001 ISMS implementation:

- Project planning and elaboration of basic documentation
- Carrying out the risk assessment and risk treatment plan elaboration
- Information security policies and procedures elaboration
- Implementation, operation and evaluation of policies and procedures (at this point some corrective actions may be required)
- Internal audit and management review
- Treatment of internal audit nonconformities and management review decisions

Advisera works with ISO management standards, and I personally do not know details regarding the specificities of UK healthcare regulations, so we cannot provide much more input beyond that.

Regarding the specific scenario of a healthcare organization, you can include as a reference ISO 27799 - Information security management in health using ISO/IEC 27002, which will provide you with specific recommendations about this sector: https://www.iso.org/standard/62777.html

These articles will provide you further explanation about ISO 27001 implementation:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How ISO 27001 and ISO 27799 complement each other in health organizations https://advisera.com/27001academy/blog/2016/06/13/how-iso-27001-and-iso-27799-complement-each-other-in-health-organizations/
