Standards and guidance
NHS Connecting for Health has a range of standards to ensure that information is processed securely and with proper regard for its confidentiality, integrity and availability.
These standards are taken from Government and industry and include:
- CRAMM
- e-Government Interoperability Framework (eGIF)
- Evaluation Assurance Level (EAL)
- ISO 27000
- IT Infrastructure Library (ITIL)
- ITSEC
- NIST
- PRINCE2
Organisations using NHS CFH digital services (including having an N3 connection) are obliged to work towards achieving and demonstrating compliance with the ISO 27000 series of standards. These standards are generally regarded as best practice in protecting the information assets of any organisation.
Within organisations, information security policies and procedures that are based on recognised standards allow rules, measures and procedures to be developed that safeguard information such as sensitive patient data and corporate information.
NHS Connecting for Health is constantly examining new and alternative standards that serve different purposes as technology moves forward and demands on information increase.
As the scope of standards around Information Governance expands, NHS Connecting for Health will use them to provide additional levels of assurance around NHS information assets.