ISO 27001 certification not only ensures data security but also enables proactive measures during unprecedented times like the global pandemic.
Amid the whirlwind of challenges posed by the COVID-19 pandemic, NHS Greater Manchester Shared Services (NHS GMSS) found itself at the forefront of organisational resilience, thanks in part to its recent attainment of ISO 27001 certification. The journey to certification, led by Phil Scott, IT security manager, not only solidified their commitment to data security but also laid the groundwork for a remarkably swift and well-prepared response in the face of the pandemic.
NHS GMSS, a vital partner in the health and care system, recognised the critical importance of safeguarding sensitive data amid growing concerns about data breaches in the healthcare industry. Phil Scott’s vision extended beyond just compliance; it aimed to establish NHS GMSS as a trailblazer in IT security within the NHS realm.
The ISO 27001 certification, renowned for its comprehensive information security management system, goes beyond mere cyber security. It encompasses a holistic framework of policies and procedures designed to mitigate security risks across an organisation's spectrum of information management.
Phil emphasised the value of the auditing process led by BM TRADA, praising the thoroughness and professional insights provided. Little did they know that their proactive approach to ISO 27001 would become a game-changer during the onset of the global health crisis.
Mohamed Fadil, Risk, Audit, and Business Continuity Manager at NHS GMSS, highlighted how their ISO-preparedness expedited their response to COVID-19. Months before the outbreak gained momentum, the organisation conducted tabletop exercises, identifying vulnerabilities and devising proactive solutions. This foresight allowed the rapid deployment of laptops and hardware kits, enabling a seamless shift to remote work for all employees and ensuring uninterrupted service delivery to over 13,000 service-users.
The successful adaptation during the pandemic, with a robust business continuity system in place, echoed the essence of ISO 27001—creating an organisational culture centred on continual improvement and preparedness.
The certification's positive impact transcends operational efficiency; it plays a pivotal role in business retention and development, instilling confidence in customers, employees, and stakeholders. Phil and Mohamed both highlighted the cultural shift instigated by ISO 27001, emphasising its integration into the organisation’s DNA, transforming the way teams perceive and mitigate risks.
Despite the challenging circumstances, the final phase of the audit was completed remotely, showcasing the adaptability and resilience of both NHS GMSS and BM TRADA in ensuring a seamless certification process.
Adam Colyer, Business Development Manager at BM TRADA, stressed the significance of ISO 27001 in safeguarding critical information, especially as remote work increases vulnerability to cyber threats. He underlined the importance of proactive data protection measures in an evolving work landscape, urging businesses to prioritise data safety alongside physical safety considerations.
The certification stands not just as a badge of compliance but as a testament to NHS GMSS's commitment to security, preparedness, and resilience, exemplifying the pivotal role ISO standards play in navigating today’s complex operational environments.
A message from our sponsors, The Ideas Distillery:
If you would like to look at how to implement an ISO 27001 information security management system, then simply contact us.
Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
Comments