On-site assessments

We offer free on-site assessments to help your NHS organisation identify vulnerabilities and understand and overcome areas of high risk. This will help your organisation to achieve the Cyber Essentials Plus accreditation, which is mandatory from 2021.

About on-site assessments  

The recommendation plan will help you to prioritise which actions to take to improve your organisation’s cyber security levels.   

These assessments are for NHS trusts and Commissioning Support Units (CSUs).

Benefits

Improve your organisation’s cyber security and increase patient safety  

Achieve the Cyber Essentials Plus accreditation and Cyber Essentials Plus (CE+) equivalence

Fulfil your obligations under the Network and Information Systems (NIS) directive and prepare for the cyber security element of the Care Quality Commission (CQC) inspection    

What the assessment involves 

You need to complete a self-assessment questionnaire two weeks before the assessment, to give you an overview of your current cyber security position.   

An independent team will carry out the four-day on-site assessment. This will involve a detailed technical review of your organisation’s workstations, providing evidence of compliance.  

The assessment covers the following areas:

Access control management

Ensuring all staff can access systems and have the correct level of access to only the data that they need.

Malware protection

Verifying the effectiveness of protection mechanisms and the detection of malicious files entering the network via website and email traffic.

Log management

Checking that there is correct information being stored securely to support the investigation of a cyber incident.

Patch management

Looking at the capability to deploy updates to the hardware and software used across the organisation.

Threat and vulnerability management

Supporting the ability to identify cyber vulnerabilities and understanding the threat exposure.

After the assessment

You will receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. This report will include suggested actions and how we can support your organisation, including technical fixes, training and communications.  

To support progress, there will be a follow-up on-site assessment (lasting one day) two months later. A full review will be carried out annually.

Register for an on-site assessment 

To register for an assessment, email exeter.helpdesk@nhs.net. Please include the following information for two suitable contacts in your organisation:

  • Names

  • Job roles

  • Email addresses

  • Phone numbers

The supplier will then be in touch to arrange your on-site assessment.  

Last edited: 26 May 2020 8:31 am