ISO 27001 Healthcare Enterprise

NHS Professionals achieves ISO 27001 certification and improves their infosec management

ISO success

Achieved ISO 27001 certification whilst incorporating their existing compliance with ISO 9001, DSPT and GDPR.

Stronger security

Increased security and greater level of compliance without further investment.

Refined process

Streamlined their ongoing management of information security and reduced the time taken to certification.

About NHS Professionals

NHS Professionals work in partnership with hospital trusts to provide a bank of highly skilled temporary staff who want to work flexibly within the NHS. They have over 130,000 registered members and more than 50 NHS client trusts. Staffing groups they supply include nurses, midwives, doctors and a variety of other high-quality health professionals.


The challenge

NHS Professionals process staff, client and candidate personal data as a core part of their business, so information security is critical.

As such, the information security management system underpinning the business is key. When NHS Professionals got in touch with ISMS.online they had two objectives: achieve UKAS certified ISO 27001 quickly and improve their ongoing management of information security.

These key business objectives were at the heart of the ISO implementation project and the driving force for achieving certification in such a short time. NHS Professionals had held ISO 9001 for 7 years and were already compliant with both the NHS Data Security Protection Toolkit (DSPT) and GDPR.

Like many organisations, they were documenting their InfoSec in Word and Excel and saving their policies on shared drives. As we often see with organisations using these types of solutions, it is hard to keep them up to date for one standard. So, when you have multiple standards or regulations to follow, the whole system can fall over or become very expensive to maintain. It can also result in practical challenges around collaboration, version control, policy approval and policy sharing. All of the above can ultimately cause non-compliance and increase business risk rather than reduce it.

Adding ISO 27001 certification could have resulted in duplicated efforts and policies increasing cost and adding risks, so we sought advice from a consultant who indicated that ISMS.online would help streamline our mature processes and reduce the time taken to certification.

Dean Fields IT Director, NHS Professionals

The solution

NHS Professionals had a new service offering which required them to be ISO 27001 certified within 6 months. It was important to NHS Professionals that all of their ISMS work could be managed in one application.

ISMS.online has a number of frameworks available, including the recently issued NHS Data Security Protection Toolkit (DSPT) replacing the IG Toolkit. This allows customers to achieve greater levels of compliance without further investment. NHS Professionals were already in a good position to start; they had a number of policies and processes covering many aspects of information security. Using the Assured Results Method, we were able to help them quickly move their good practices into ISMS.online.

The support team has been invaluable. They helped us migrate data, answered our everyday functionality questions, and their Information Security Experts were on hand to give us one-to-one support.

Dean Fields IT Director, NHS Professionals

The result

NHS Professionals completed their Stage 1 audit after only 6 weeks, with no significant findings.

This was closely followed by success at the Stage 2 Certification Audit with no non-conformities, observations or identified opportunities for improvement. This fantastic result proved the value of using the ISMS.online platform, the Virtual Coach and the Assured Results Method supplemented with some direct consulting support.

Thanks to ISMS.online, we achieved ISO 27001 UKAS certification within 4 months. I can honestly say we wouldn’t have been able to do it without ISMS.online and their support team.

Dean Fields IT Director, NHS Professionals

ISMS.online

Company number: 04922343

Nile House, Nile Street, Brighton, England, BN1 1HW
Copyright © 2026 Alliantist Ltd