Lancashire trust tightens IT security bootstraps with ‘gold standard’ accreditation

  • 24 October 2018
Lancashire trust tightens IT security bootstraps with ‘gold standard’ accreditation

Lancashire Care NHS Foundation Trust has secured a ‘gold standard’ in information security following an independent assessment of its IT practices.

The 400-site trust was awarded an ISO 27001 certification in information security following an audit by the United Kingdom Accreditation Services (UKAS) certified British Assessment Bureau this month.

The certification achieved by Lancashire Care NHS Foundation Trust (LCFT) covers the entire range of IT services it provides within its informatics department.

The trust, which ousted a decade-old EPR system in March, said the certification demonstrated it had “robust and agile” security protocols in place to protect patient data.

Damian Parkinson (pictured), LCFT’s director of health informatics, labelled the certification “a huge achievement and an absolute credit to the health informatics department”, saying it was the “culmination of many thousands of hours of work undertaken by a team of dedicated staff”.

He added: “Receiving the certification is testament to our commitment to security and further enforces Lancashire Care as a provider of quality care at the right time and in the right place.

“It is also a demonstration of our commitment to continuously improve processes and safeguarding data.”

The trust will have annual surveillance audits to maintain the certification.

The International Organisation for Standardisation (ISO) ISO 27001 is an international standard for IT systems, processes, policies and documentation related to cyber security.

Unlike CareCert and Cyber Essentials Plus – which are UK government schemes that are specifically for public sector organisations in the UK – ISO 27001 is a globally recognised certification that serves as a kitemark for industries around the world.

An LCFT spokesperson told Digital Health News: “At Lancashire Care we wanted to ensure compliance not only with the latest public sector and NHS guidance, but also to ensure we were compliant at the highest standard of information security that would be followed by other industries, including those with very high security requirements such as financial services.

“To our knowledge, there is only one other NHS trust in the North West region that has achieved certification for part of their IT service. The certification we have achieved at LCFT is for the entire range of IT services that we provide in a large health informatics department with 150 staff supporting a user base of just under 8,000.”

Lancashire Care’s health informatics unit recently achieved Level 2 Accreditation for Excellence in Health Informatics by the North West Informatics Skills Development Network.

According to LCFT, it is one of only three NHS organisations to hold the accreditation and plans to work towards Level 3 “in the near future”.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.
Barts Health rolls out Cynerio cyber security platform

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.
How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.

4 Comments

  • It’s really a cool and helpful piece of information. I am satisfied that you just shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

  • Is this even news? It seems strange to shout about this? Most if not all enterprise businesses hold ISO27001 as a minimum.

  • It’s good they have implemented ISO27001, but to call it a gold standard is wildly misleading, demonstrates a lack of understanding of the framework for certification, and ignores much more robust compliance frameworks like PCI DSS. Next to that, ISO27001 is a merit badge, not a gold standard.

  • Congratulations on your accreditation, we got our ISO27001 in 2016 and it has really helped drive a Cyber security culture within our Technical team.
    IT Governance Manager – The Dudley Group NHS Foundation Trust and TeraFirma

Comments are closed.