- Acronis
- Aruba Networks
- Assuria
- Boldon James
- C2C
- Celestix
- Check Point
- Credant
- Cryptocard
- DESlock
- Exinda
- Extricom WLAN
- ForeScout NAC & IPS
- Imprivata SSO
- InfoGov
- IronKey
- Juniper Networks
- Loglogic
- Lumension
- McAfee
- Mimecast
- Netasq EAL4
- Palo Alto Networks
- Safend
- SecurEnvoy
- Sourcefire
- Stonesoft
- Swivel
- Symantec
- Titus Labs
- Trend Micro
- Vasco
- Verity Systems CESG Degausser
- Wallix
- Watchguard
- 1st Responder Services
- Business Support
- Database Security
- Forensics
- Information Systems Security Assessment
- ISO27001 GAP Analysis
- IT Security Awareness
- IT Security Consultancy
- IT Security Standards Compliance Assessment Service
- Penetration Testing
- Physical Security
- Service Management
- Social Engineering
- Wireless Security
- Web Application Test
Castleforce NHS Information Governance (IG) Toolkit submission service aims to assist NHS providers, Commercial third parties and NHS partners in complying with the complex and rapidly changing landscape of IGTv9.
Service Overview
- Assess/review current practices.
- Identify IG 'gaps'.
- Create IG improvement plan.
- Implement improvements.
- Assemble body of evidence.
- File IGT submission with supporting evidence.
IGT Expertises
The project will be fully managed and led by our experienced IG specialists, who have proven NHS background in assisting organisations complying with IGT and Information Security.
IGT Assessment Service from Castleforce
GPs, Dental Practices, NHS partners and other Commercial Third Parties approach Castleforce to help them comply with the IGT, because they're having trouble of finding the time to answer all the additional questions and gathering the evidence to demonstrate compliance.
Castleforce customer references
“I am so pleased with the support and guidance that has helped us achieve Level 2 in the NHS IG Toolkit. When I first saw what we needed to achieve it was daunting and seemed impossible. We are a small social enterprise without IT or IG specialists and could not have achieved this without Castleforce’s assistance. We have learnt so much along the way and now have Information Governance systems to be proud of. I would recommend Castleforce and the way you work unreservedly to anyone in our position.”
Source: Director -Other Commercial Third Party “ I was not at all looking forward to the first day long training and initiation meeting that had been set up, but was very pleasantly surprised, both by the quality of presentation, the thorough cover of all the individual topics and the clear methodology of how to manage the extensive project work involved. The majority of work had been researched and tailored to my needs before the meeting, and a custom built package had already been designed for implementation at the Practice. Whilst IG is of course a serious topic, it can be very dry and complex and needs to be carefully integrated with all aspects of clinical work and service already provided – Castleforce made this process very entertaining and I found it both fun and interesting to work with them”
“In the coming months, they continued to “gently” chivvy us along to ensure we met deadlines and were “more or less” following the time frames we had agreed. All the issues I raised were resolved and their back up, both verbal, written and electronic was excellent”. I would have no hesitation whatsoever in recommending their service”
Source: GP Lead - NHS GP Practice
Penalties for not completing the IGT submission
Connecting for Health has the power to suspend an organisation’s N3 connection. Organisations that fail to complete their IGT submissions are more prone to breach data security, because they do not have the necessary security procedures in place to protect their network. The Information Commissioners Office (ICO) can fine organisations up to £500,000 for data security breaches and it is likely that the first large fine will go to an NHS Trust.
Important changes from IGT v8 to IGT v9
1. New organisation types can now complete the Information Governance Toolkit (IGT). These new groups include;
- (a) the voluntary section. This means that any charity organisation that is involved in healthcare or that works with NHS providers to manage and process patient-level data can now complete the IGT and label themselves as having passed the Information Governance Assessment.
- (b) Organisations that process patient-level information or data for reasons other than directly informing patient care. This could be organisations that use NHS data to support research work for example.
- (c), providers of prescribed appliances. These organisations differ from pharmacists (who already have the ability to complete the IGT, as they provide supportive appliances to patients and healthcare organisations as opposed to drugs.
2. There are new deadlines for the completion of the Toolkit. NHS organisations must meet internal submission deadlines, where provisional information and scores are provided in-year, prior to the final submission of the IGT being made in March 2012.
3. All healthcare organisations, and those that process data on behalf of healthcare organisations, should ensure that their Information Governance Toolkit is completed annually, at the same time each year. This means that if an IGT submission was made against Version 8 of the Toolkit in August 2010, then an IGT submission against Version 9 should be made in August 2011.
4. The scores made and the evidential documentation that was provided to support each score against Version 8 of the IGT will be rolled over into Version 9 of the toolkit. This means that each organisation doesn't need to re-upload documentation from one year to the next. Instead they need to reassess the scores that were made against the last version, check that these scores still stand, and then re-review submitted evidence and amend, delete or add to as required.
Are you ready to complete your Connecting for Health N3/IG Toolkit submission for 2012?
Information Governance Toolkit (IGT) - Version 9
The IGT is an online system which allows NHS organisations and partners to assess themselves against Department of Health (DoH) Information Governance policies and standards. It also allows members of the public to view participating organisations' IGT assessments.
Released on 30 June 2011, IGT - version 9 is considered to be more rigorous than its predecessors with a number of significant changes. Two of the biggest changes are the key requirements and the grading scheme. Version 9 is far more detailed and prescriptive by breaking each requirement down into criteria that clearly states exactly what DoH is looking for.
IG Toolkit V8 Change Control Sheet
Advices for organisations that are acting on IGT Version 9
If using external IGT consultation services, organisations need to ensure that the consultants can deliver in the following areas.
- Must have the technical know-how and industry experiences
- Must can get the job done quickly
- Must can get the submission right at the first time
- Must provide the guidance to ensure that the systems and processes are adhered to the toolkit, filtered throughout the organisation and complied with all legislation
- Must be able to fill the gaps
Essentials for IGT Log Management
Assuria Log Manager (ALM) has achieved CESG CCTM approval and securely collects and manages audit logs to comply with regulations. The small footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure with log data integrity ensured through digital signatures and cryptographic hashes.
© Copyright Castleforce 2007-2012. Web design by Theme Group