NHS to cut fees with forensic unit

The NHS Purchasing and Supplies Agency (NHSPSA), responsible for negotiating more than £7bn of NHS purchasing contracts a year, has created its own forensic investigation unit after baulking at the high fees charged by specialist forensic companies for data recovery.

The 330-strong agency, which has invested in a £6,000 forensic investigation workstation and three days of training for a member of its IT staff, said it would recoup its investment if it can avoid just one call-out to an external forensic investigator.

Forensic units use specialist software to investigate allegations of data misuse and fraud within companies.

Mark Buggy, IT delivery manager at the NHSPSA, bought the equipment after hearing about other IT departments whose computer evidence had been thrown out of court because they had failed to follow the right procedures when viewing files.

"As a security officer I realised we had two choices. We either had to put everything out to external consultants when we thought a case might go to court, or we could buy the equipment and do most of the work ourselves," he said.

Although Buggy has not yet had to use the workstation for any serious investigations, he said he had recovered costs by using it to retrieve data from corrupted hard discs and to recover accidentally deleted files on at least 10 occasions over the past eight months.

Most government departments typically conduct forensic investigations between two and three times a year at a cost of between £5,000 and £6,000 a time, said Buggy.

The forensic system, supplied by EvidenceTalks, runs EnCase forensic software and is protected with fingerprint biometrics and data encryption.

Andy Sheldon, director of EvidenceTalks, said the NHSPSA was one of a growing number of organisations to invest in forensics equipment.

Many organisations do not realise that they can destroy computer evidence simply by opening a file and viewing it, he said.

The forensics unit is part of the agency's commitment to the security standard BS7799, which requires organisations to demonstrate that they are continually improving their security.

The NHSPSA became the first public sector organisation to win BS7799 certification in February 2002.

It hired Peter Badger, a private consultant, to complete the work in six months, after being told by a firm of management consultants that the project would take two years and would cost £500,000.

Badger was able to complete the project in a fraction of the time and at a fraction of the cost by building on the agency's existing policies, said Buggy.

The NHSPSA now acts as a role model for other public sector bodies interested in BS7799 accreditations.
