Business Applications Guidance

Industry standards


Summary

A list and links to specific industry standards applicable to the service.

  1. The Internet Engineering Task Force (IETF) has renamed SSLv3 as TLS: RFC 2246
  2. IETF IPsec protocols: RFC 4301/4302/4303
  3. Mobile IPv4 RADIUS: RFC 5030

IG, security and user considerations

A key consideration for any remote access service is the requirement that patient data is safe and protected. There are many rules that govern controls and protection when accessing systems and applications remotely. Some of these rules are provided via national guidance; others are defined and managed by the local NHS organisation (through its Caldicott Guardian) and as part of end users' terms of service usage. The list below is only a small sample of the high-level security considerations.

Provision of a securely managed remote access service platform adhering to ISO27001 standards:

  1. Locally managed services compliance
  2. Cloud based solution accreditation

Ensuring remote access users are authenticated onto the platforms:

  1. The correct authentication architecture is deployed, e.g. users are only allowed access to the services and applications that they are authorised to use.
  2. Adherence to current NHS IG Toolkit, CESG and GDS security principles
  3. Appropriate tools to monitor and audit usage of services
  4. End user management
  5. Ensuring that software updates and patches are applied
  6. Password management / user authentication management

Device/machine management:

  1. Ability to manage lost or stolen devices effectively

Central remote access infrastructure security:

  1. Firewall management
  2. Patching management
  3. Anti-Virus management

The items above are just a very small sample of key security considerations. Open a detailed view of the security requirements and obligations for NHS IT systems, administrators and users.

Information governance toolkit

Last edited: 19 October 2018 2:28 pm