Compliance risk assessment. I’m part of the team who manage, maintain and continually improve OCSL’s compliance certifications and accreditations. We’ve recently gained a brand new accreditation, the Cyber Essentials with IASME. So, I thought it might be helpful to dig a little deeper, go beyond the acronyms and explain why our accreditations are so important.
Maintaining the confidentiality, integrity and availability (CIA) of information lies at the heart of compliance risk management. When choosing a managed service provider, it’s critical to ensure they are committed to ensuring the highest possible standards of information security, quality and service management.
At OCSL, we chose to implement ISO27001 over 7 years ago, shortly followed by ISO9001 and our most recent ISO achievement ISO20000, which is ITIL (Information Technology Infrastructure Library) aligned.
The main objective of ISO27001 is risk management. As part of the certification the provider needs to have a robust Information Security Management System (ISMS) in place. The objective is to provide clear assurance that information assets have been identified, security risks have been assessed and a comprehensive and continually-tested framework of policies, procedures and controls have been adopted.
Demonstrates a provider’s ability to implement an efficient and consistent quality system across all operations. This needs to include processes for monitoring, measurement and continual improvement.
Demonstrates a provider’s technology is built responsibly and on best practices. ISO20000 provides peace of mind to ensure service requirements are fulfilled consistently and to the required standards. With effective knowledge management, risks are minimised and full control is maintained over IT processes and services.
NEW: Cyber Essentials and IASME
A primary objective of the UK Government's National Cyber Security Strategy is to make the UK a safer place to conduct business online. To this end, they have recently introduced the Cyber Essentials certification including the IASME Governance Standard. IASME are one of a small number of companies appointed as Accreditation Bodies for assessing and certifying against the Governments Cyber Essentials Scheme. The IASME Governance Standard is based on international information security best practice. OCSL recently gained Cyber Essentials certification and rather than opting for this alone, we decided to go one step further by complying with Cyber Essentials including the IASME Governance Standard.
We wanted to reassure all our clients we’ve taken the necessary precautions to reduce cyber risks.
NEW for 2017: The Health Social Care Network (HSCN)
OCSL has been a Commercial N3 Aggregator for a number of years. This means we can provide N3 connectivity, from our N3 circuits, to one or more of our approved customers. We continually go through stringent checks by NHS Digital to maintain this status. In April 2017 The Health and Social Care Network (HSCN) will replace the current centrally managed N3 national private network. HSCN will provide a reliable, efficient and flexible way for health and care organisations to access and exchange electronic information. OCSL have been liaising with the N3 Authority NHS Digital, since early 2016, to ensure a completely seamless transition for our N3 connected customers from N3 to HSCN.
And of course, we will keep our N3 connected clients updated at key stages of the process.
For multiple clouds, a tool such as Cloud Control, can help manage and monitor your entire IT infrastructure. But it can also really help with compliance. Using one simple portal interface it’s possible to set up user rights and enforce policies across your entire estate.
If you have any queries around the HSCN, compliance, compliance risk assessment or any of the details mentioned in this post, please get in touch.