Compliance is very big, said Tim Wilson, deputy head of ICT at NHS City & Hackney, speaking to Computer Weekly prior to a panel session at Infosec Europe 2012. The trust has embarked on an ISO 27000 compliance programme.
He said: “In my opinion, a lot of organisations limit the scope of their compliance.” But at City & Hackney all medical and patient records are covered by ISO 27000.
"If you are the finance director, ISO 27000 is important because auditors can see you have put information security as a top agenda item," said Wilson.
In a wider context, compliance means staff at the trust now challenge people, especially in secure areas in the hospital.
Through the programme, the number of information security incidents decreased dramatically. Wilson added: “A year after certification, hearing two nurses talking about DR was a real positive.”