Gloucestershire NHS organisations have individual information security documentation and processes. The principles of aligning to the NHS Information Governance toolkit are adhered to by all partners, Those principles are based upon the common goals which the Information Governance Tool Kit and associated Information Governance Statement of Compliance (GSoC) and also the Government Secure Intranet (GSI) are built.
Confidentiality – ensuring that the information is accessible only to those authorised to have access;
Integrity – safeguarding the accuracy and completeness of information by protecting against unauthorised modification;
Availability – ensuring that authorised users have access to information and associated assets when required.
An important aspect of this Programme is that health and social care in Gloucestershire is also delivered by non NHS organisations. The local Authority, Gloucestershire County Council being an important partner also has a set of criteria which they have evidenced in order to meet their obligations to the Cabinet Office. This is referred to as the “Code of Connection (COCO)”.
This enables access to higher levels of security within a secure IT network environment, the Government Secure Intranet (GCSx). The County Council have also stated through policy and procedure how they protect the personal and sensitive information with which they are entrusted. There is no requirement for the County Council to meet NHS Information Governance Statement of Compliance however the controls are based upon the same principles namely that of International Standards Organisation Information Security Standard ISO27001. ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.
JUYI is supplied by Kainos Software Ltd as part of their Evolve system and they are fully compliant with NHS digital security and information governance standards, including ISO 27001 certification.
Both NHS and County council are audited by external auditors regularly in order to maintain compliance and importantly assure the members of public’s data that they manage and protect.