NHS Professionals achieves ISO 27001 certification and improves their infosec management

The Challenge

As a result of the nature of their business, processing staff, client and candidate personal data means information security is critical. As such the information security management system underpinning the business is key.

When NHS Professionals got in touch with ISMS.online they had two objectives: achieve UKAS certified ISO 27001 quickly and improve their ongoing management of information security. These key business objectives were at the heart of the ISO implementation project and the driving force for achieving certification in such a short time.

How did NHS Professionals approach infosec before using ISMS.online?

NHS Professionals had held ISO 9001 for 7 years and were already compliant with both the NHS Data Security Protection Toolkit (DSPT)and GDPR. Like many organisations, they were documenting their InfoSec in Word and Excel and saving their policies on shared drives.

As we often see with organisations using these types of solutions, it is hard to keep them up to date for one standard. So, when you have multiple standards or regulations to follow, the whole system can fall over or become very expensive to maintain. It can also result in practical challenges around collaboration, version control, policy approval and policy sharing. All of the above can ultimately cause non-compliance and increase business risk rather than reduce it.

“Adding ISO 27001 certification could have resulted in duplicated efforts and policies increasing cost and adding risks, so we sought advice from a consultant who indicated that ISMS.online would help streamline our mature processes and reduce the time taken to certification.”

Dean Fields IT Director, NHS Professionals

The Solution

NHS Professionals had a new service offering which required them to be ISO 27001 certified within 6 months.

It was important to NHS Professionals that all of their ISMS work could be managed in one application. ISMS.online has a number of frameworks available, including the recently issued NHS Data Security Protection Toolkit (DSPT) replacing the IG Toolkit. This allows customers to achieve greater levels of compliance without further investment.

NHS Professionals were already in a good position to start; they had a number of policies and processes covering many aspects of information security. Using the Assured Results Method, we were able to help them quickly move their good practices into ISMS.online.

“The support team has been invaluable. They helped us migrate data, answered our everyday functionality questions, and their Information Security Experts were on hand to give us one-to-one support.”

Dean Fields IT Director, NHS Professionals

The Result

NHS Professionals completed their Stage 1 audit after only 6 weeks, with no significant findings. This was closely followed by success at the Stage 2 Certification Audit with no non-conformities, observations or identified opportunities for improvement.

This fantastic result proved the value of using the ISMS.online platform, the Virtual Coach and the Assured Results Method supplemented with some direct consulting support.

“Thanks to ISMS.online, we achieved ISO 27001 UKAS certification within 4 months. I can honestly say we wouldn’t have been able to do it without ISMS.online and their support team.”

Dean Fields IT Director, NHS Professionals