Padlock sitting on keypad. Copyright free. Photo by Fly D on Unsplash

NHS Business Services Authority achieves gold standard in information security management by British Standards

The NHS Business Services Authority (NHSBSA) has achieved the internationally recognised ISO 27001 (Information Security Management System Requirements) certification from the British Standards Institution.

The certification is the result of three years of work and effort. It shows that NHSBSA takes very seriously both information security and the management of the huge volumes of information and data that it owns (including scanning data, data covering all pharmacies, dental practices and health exemption information across England and Wales).

The process included 13.5 audit days during February and March 2021 by the certification body, the British Standards Institution (BSI).

“We are extremely proud to obtain an ISO certification. Information security management is incredibly important to us and especially so during the COVID-19 pandemic,” Mark Dibble, Executive Director of People and Corporate Services at NHSBSA, commented. “We will not rest on our laurels; we have and will always continue to seek ways to improve.”

“The assessor was impressed with NHSBSA’s information security policies, processes, standards, and our strategic approach to information security management as an enabler for continual service improvement both within the NHSBSA and across the wider health and social care environment.”

BSI will carry out annual surveillance visits for the next three years to make sure NHSBSA remains compliant with requirements and that it is continually improving how it manages information and data.

Contact Information

Sahdia Hassen

Senior Media and Campaigns Officer

NHS Business Services Authority

communicationsteam@nhsbsa.nhs.uk

Notes to editors

Attached image: Copyright free via Unsplash.