Skip to main content

Part of NHS architecture principles

Adopt appropriate cyber security standards

Services must adopt the appropriate cyber security standards, including keeping all software, networks and systems up to date​​.

Current Chapter

Current chapter – Adopt appropriate cyber security standards


Page contents

Summary

Services must adopt the appropriate cyber security standards, including keeping all software, networks and systems up to date​​.


Rationale

It is critical that we maintain public trust in how we hold, share and use data. Clear and mandated standards, guidance and frameworks for this will underpin the delivery of services.

Outcomes that meet user need are based on the General Data Protection Regulation (GDPR) and consent, where appropriate.

We need to maintain a safe and secure data infrastructure that protects health and care services, patients and the public. The digital architecture of the health and care system needs to be underpinned by clear and commonly understood data and cyber security standards, mandated across the NHS, to ensure we are secure by default.

Penalties for data breaches promote best practice, and in doing so are effective in protecting patients’ privacy.


Implication

Digital Services must conform to cyber security best practice during design, development, operation and maintenance phases, as specified by:

  • Cyber Design Authority (CDA)
  • National Cyber Security Centre
  • vendor best practice

This should be shown through a statement of conformance to security standards and through non-functional testing. Since cyber security standards change, conformance will need to be regularly assessed and maintained through the lifecycle of the service.

Last edited: 29 October 2020 4:56 pm