NHS Greater Manchester Shared Services

ISO 27001 certification provided a secure choice for NHS Organization

The Project

In 2019, Phil Scott, IT Security Manager at NHS Greater Manchester Shared Services (GMSS), and his team began working towards ISO 27001 certification with BM TRADA. The certification was awarded in mid-June 2020, by which time the benefits of the process were clear to see.

The Challenge

When the global pandemic hit the UK in March 2020, millions of people were ordered to work from home, including all GMSS employees. With a significant rise in people working remotely, cyber security would be threatened, which is a serious issue for data safety. Working as a partner in the health and care system, GMSS customers include GPs, NHS Foundation Trusts and Clinical Commissioning Groups, so data protection is an area of significant concern for their clients. The team at GMSS needed to consider not just its employees but also the 13,000 service-users through its clients. 

The Solution

Fortunately, Phil’s team had spent months working with BM TRADA on ISO 27001 certification  in order to offer the highest level of security. An information security management system (ISMS) outlines a framework of policies and procedures to mitigate the risk of a security breach. ISO 27001 certification provides a model for establishing, implementing and operating an ISMS, as well as monitoring, reviewing, maintaining and improving it. It covers not just IT security, but all aspects of an organization’s information risk management process.  By the start of 2020, GMSS had a business continuity management system and risk assessment framework in place, which meant they started planning for COVID-19 much earlier than most.  At the end of February – when people were just starting to talk about a potential epidemic – the team at GMSS undertook a tabletop exercise to see what would happen if there was an outbreak in the UK and if there were infections in their offices. This outlined the weaknesses that they needed to address, resulting in 13 learnings to consider, such as increasing remote access capacity. As a result, they anticipated some of these potential problems and dealt with them in advance. 

The Result

By the time the Prime Minister announced that everyone should stay home, GMSS had a process in place to act immediately. All 350 GMSS employees were able to work from home safely the following day. While most organizations were placing emergency orders for laptops and equipment and discovering that stock was low, GMSS was able to deploy 2,300 laptops and many more hardware kits between March and June. They also increased capacity from 2,000 concurrent users to 10,000 – to cover the required number of people needing to use its services at any one time. Because of the work undertaken for ISO 27001 certification, businesses that needed support most urgently at this challenging time could continue to work seamlessly. Mohamed Fadil, Risk, Audit and Business Continuity Manager at GMSS, comments, “We knew ISO 27001 certification would make us leaders in our field, but we didn’t realize what a difference it would make as we faced a global pandemic. Our staff and customers could work from home quickly and easily, while other parts of the health care system were struggling months later. Feedback from customers was overwhelmingly positive, boosting team morale at an incredibly difficult time.” 

 

To find out more about how BM TRADA and certification can help you, contact us or call 01494 840 774.