23/05/2018
Sarah Broughton

I’m part of the team that manages, maintains and continually improves OCSL’s compliance certifications and accreditations. We’ve recently gained our ISO 22301 (Business Continuity) certification, so I thought it would be timely to provide an update on our latest ISO standard, to go beyond the acronyms of IT compliance and explain why our accreditations are so important, especially as GDPR becomes a daily reality.

Sarah Broughton, Compliance Team Leader

Maintaining the confidentiality, integrity and availability (CIA) of information lies at the heart of compliance risk management. When choosing a managed service provider, it’s critical to ensure they are committed to the highest possible standards of information security, quality, business continuity and service management.


Why ISO?

At OCSL, we chose to implement ISO27001 over 7 years ago, followed shortly afterwards by ISO9001, ISO27018 and ISO20000, which is aligned with ITIL (Information Technology Infrastructure Library).

NEW: ISO 22301 (Business Continuity)

In April 2018 our business continuity management system was the latest to achieve ISO certification. This demonstrates we are following best practice for business continuity management.

Specifically, it requires us to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system that protects against disruptive incidents, reduces the likelihood of their occurrence, and prepares us to respond to and recover from them when they arise.

Examples of disruptive incidents include cyber-attacks, criminal activity such as theft or vandalism, interruption to utility supplies and natural disasters such as floods and fires.

ISO27001

The main objective of ISO27001 is risk management. As part of the certification, the organisation needs to have a robust Information Security Management System (ISMS) in place.

The objective is to provide clear assurance that information assets have been identified, security risks have been assessed, and a comprehensive and continually tested framework of policies, procedures and controls has been adopted.

ISO9001

This standard demonstrates an organisation’s ability to implement an efficient and consistent quality system across all operations. This needs to include robust and repeatable processes for monitoring, measurement and continual improvement.

ISO20000

This standard demonstrates that an organisation’s technology is built responsibly and on best practice. ISO20000 provides peace of mind that service requirements are fulfilled consistently and to the required standards. With effective knowledge management, risks are minimised and full control is maintained over IT processes and services.


Cyber Essentials & IASME

A primary objective of the UK Government's National Cyber Security Strategy is to make the UK a safer place to conduct business online. To this end, it has recently introduced the Cyber Essentials certification, including the IASME Governance Standard.

IASME is one of a small number of companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. The IASME Governance Standard is based on international information security best practice.

OCSL has achieved Cyber Essentials certification and, rather than opting for this alone, we decided to go one step further by complying with Cyber Essentials including the IASME Governance Standard. In 2018 we added the GDPR readiness certificate to this, showing we are ‘GDPR ready’ for the new data protection laws. We wanted to reassure all our clients that we’ve taken the necessary precautions to reduce cyber and data protection risks.

The Health and Social Care Network (HSCN)

OCSL has been a Commercial N3 Aggregator for a number of years. This means we can provide N3 connectivity, from our N3 circuits, to our approved customers.

We continually go through stringent checks by NHS Digital to maintain this status. In April 2017 the Health and Social Care Network (HSCN) replaced the centrally managed N3 national private network.

HSCN provides a reliable, efficient and flexible way for health and care organisations to access and exchange electronic information. OCSL has been liaising with the N3 Authority, NHS Digital, since early 2016 to ensure a completely seamless transition for our N3 connected customers from N3 to HSCN.

And of course, we will keep our N3 connected clients updated at key stages of the process.
