Title: WHICTS County ICT Programme Board
1Worcestershire Health ICT Services County ICT
Programme Board Notes Actions (26th Nov
07) John Thornbury Director, Worcestershire
Health ICT Services John.thornbury_at_nhs.net 078
667 213 71 (wictp_n_071126_00_presentatio
n.ppt)
2Apologies / Attendees
3New / Revised Actions List (PCT)
4New / Revised Actions List (PCT)(Contd)
5New / Revised Actions List (Acute)
6New / Revised Actions List (Acute) (Contd.)
7New / Revised Actions List (MHP)
8New / Revised Actions List (ICT)
9New / Revised Actions List (ICT) (Contd.)
10Previous Completed Actions Notes List
11Previous Completed Actions Notes List (Contd.)
12Appendix 1
- 5 Key Steps to Mitigate Data Protection Risk
- Carry out a risk assessment - As always you
cannot manage what you cannot measure. A
benchmark of the organisational security posture
is key. - Create an Information Security Forum with
executive powers - Security is a cross department
issue. A security failure will drag in everyone
from Legal, I.T to Marketing. They all have to
become owners of this issue. - Develop and disseminate a User Awareness Campaign
- Having best practice written in an employee
handbook is not a credible attempt at data
protection. The battle for information security
is incessant. No-one in the organisation should
be unaware and hence become the weakest link. - Determine your security posture balance in
relation to business agility and then stick to it
- Information Security requires sacrifices to be
made in relation to business agility. From remote
access to device control, user functionality must
take second place to security. Gain executive buy
in and stay the distance. - Its rarely a technology issue - institutionalise
information security via a governance framework
such as ISO27001, COBIT, ITIL - Make security
part of the fabric of your organisation. Don't
reinvent the wheel but rather adopt methodologies
already proven in the industry such as
ISO27001,COBIT and ITIL.
13Appendix 2
Previous Schedule Agreed
Draft Schedule to be Agreed