The session will commence at Please mute your microphone

Slides:



Advertisements
Similar presentations
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
Advertisements

NHS Staff Survey and CQC Regulation - NHS Staff Survey - Regulatory process and the Quality and Risk xx Profiles (QRPs) x Elizabeth Spragg March 2011.
1 Understanding CQC registration Summer Introduction to CQC.
Family Assessment Service Engagement Event 21 st August 2013 NWCE-9A3GPK.
1 CQC review of data security standards in the NHS Rosie Wood, Strategy Lead Information Governance Alliance Conference 16 March 2016.
National Data Guardian Report on Information Sharing in Health and Care Webinar:- Wednesday 20 July 2016 Chair Stephen Elgar IGA.
Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s.
Records Management Code of Practice - a discussion with the project team Information Governance Alliance 25 March 2016 Chair Suzanne Lea, IGA.
Safe Digital Transformation
General Data Protection Regulation (EU 2016/679)
The Quality Surveillance Team / Programme
National Stroke Audit Rehabilitation Services 2016
Integration, cooperation and partnerships
Accountability & Structured Privacy Management
IS YOUR ORGANISATION’S INFORMATION SECURE?
New CMS Emergency Preparedness Rule
SIGNs Chairs Meeting – 14th December 2016
Tailored Dispensing Service (TDS)
Road Manager Module National Heavy Vehicle Regulator
General Data Protection Regulations and the IoT
Incident handling and transparency Duty of candour
GDPR Awareness and Training Workshop
General Data Protection Regulations: what you really need to know
Technology in care homes -
An introduction to ACSA
Hydrographic Services and Standards Committee
The session will commence at Please mute your microphone
General Data Protection Regulations
National data opt-out - Implementation approach
The session will commence at Please mute your microphone
The session will commence at Please mute your microphone
Data Security Protection Toolkit – Overview
The session will commence at Please mute your microphone
Incident Reporting Webinar Begins at 12.30
Data Security and Protection Toolkit
The session will commence at Please mute your microphone
End of Year Performance Review Meetings and objective setting for 2018/19 This briefing pack is designed to be used by line managers to brief their teams.
Data Security and Protection Toolkit
Data protection and information governance: Balancing the confidentiality of patients against the importance of sharing information presented by John Hodson,
Information Governance
Data Security Protection Toolkit – Top Tips
From DPA to GDPR: the key elements
NHSmail and HSCN Lorraine Amor
GDPR – Practical Implementation Managing contracts, procurement and relationships with suppliers Terry Brewer Chief Executive.
The session will commence at Please mute your microphone
Primary Care Information Governance Manager
The National Working Group
A whistle stop tour of GDPR
How we’ll prepare for the General Data Protection Regulation (GDPR)
TYPE IN CENTRE NAME LEVEL 1 GDPR AWARENESS TYPE IN NAME
EHC Online Portal Project Lead: Liz Lake
Road Manager Module National Heavy Vehicle Regulator
Registration Policy and Practice First Aid Forward
The session will commence at Please mute your microphone
Consultation and Engagement
Skills for Care Diane Buddery: Digital Support for Providers.
Paul Barnes - Cyber Security Programme Manager, NHS England
TYPE IN CENTRE NAME LEVEL 1 GDPR AWARENESS TYPE IN NAME
ADD YOUR LOGO HERE TYPE IN CENTRE NAME LEVEL 2 GDPR AWARENESS
The session will commence at Please mute your microphone
DSC Contract Management Committee Meeting
Jodie Stutely Primary Care Information Governance Manager
ADD YOUR LOGO HERE TYPE IN CENTRE NAME LEVEL 1 GDPR AWARENESS
Better Information sharing?
London Youth Introduction to the Quality Mark.
TYPE IN CENTRE NAME LEVEL 2 GDPR AWARENESS TYPE IN NAME
Data Security and Protection Toolkit Assurance 2018/19
About the national data opt-out
National data opt-out - Preparing for implementation
Information Governance
Presentation transcript:

The session will commence at 12.30 Please mute your microphone Data Security and Protection Toolkit Welcome The session will commence at 12.30 Please mute your microphone Presented by: David Ingham and John Hodson, NHS Digital

What we are doing currently Prototype system made available to over 250 volunteers. Ongoing development. 1:1 testing and user research ongoing. Developing content and guidance. Working with key bodies (ICO, NCSC, CQC, NHS England etc.).

Update The requirements of the Data Security and Protection Toolkit (DSPT) are designed to encompass the National Data Guardian review’s 10 data security standards. The requirements of the DSPT support key requirements under the General Data Protection Regulation (GDPR), identified in the NHS GDPR checklist. The IG Toolkit assessed performance against three levels 1, 2 and 3. Organisations were required to provide evidence of compliance with (at least) level 2 for all elements of their assessment. The DSPT does not include levels and instead requires compliance with assertions and (mandatory) evidence items. The assertions and evidence items are designed to be concise and unambiguous. Documentary evidence is only requested where this adds value. Some evidence items will not be required where an organisation uses NHSmail, or has in place an existing relevant standard (Cyber Essentials PLUS, ISO 27001, Public Service Network Information Assurance).

New requirements in DSPT Leaders and board members receive suitable data security and protection training. Organisations undertake process reviews to identify and improve processes which have caused breaches or near misses. Organisations must act on CareCERT alerts and notifications. Organisations must complete a specific business continuity test for data security. Organisations must survey their software for unsupported systems. Organisations must ensure all networking components have had their default passwords changed. Large organisations must ensure their web applications are secure against top 10 vulnerabilities. Large organisations must undertake a penetration test annually. Large organisations must flag any suppliers with significant issues complying with the NDG standards to NHS Digital.

FAQs SIRI tool being updated to GDPR breach reporting tool and NIS directive for applicable organisations ready for May 2018. Current Toolkit will stay in read-only format. October baseline submission for large organisations. Publication will be at summary level not detailed. Training requirement largely unchanged. Ability to chose “Secondary sectors” to be developed

Getting started… Transition will begin late February 2018 (prioritise sites who have completed 14.1). Initially, registration will be by invitation. The first registered user for your organisation will set up any subsequent users.

Care Quality Commission (CQC) CQC well led inspections will include data security, we are testing approaches currently. The focus so far has been on how boards gain data security assurance Data security is wider than cyber. Use information from DSPT and wider intelligence to set the prompts for the inspection.

Communications Webinars (both general and sector specific). Getting started guide. Presentation for IG leads to use on what’s changing (need some volunteers). Interested to know, what additional communications would you find useful?

Data Security and Protection Toolkit Plan

Demonstration

Questions? cybersecurity@nhs.net

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.