The following flow diagram shows how our digital solution integrates with the operational process flow through the wet laboratory, from dissection to reporting.
NHS Digital IG Tool Kit
Pathognomics have appointed IGT4Healthcare to help the company design and implement an Information Governance programme. IGT4Healthcare has extensive experience of IG Toolkit projects and has helped many organisations improve their data protection and IT security processes in order to make a successful IG Toolkit submission. The IGT4Healthcare team includes consultants holding several industry-leading qualifications, including (ISC)² CISSP, ISO 27001 Lead Auditor, ISACA CISM and ISO 27001 Lead Implementer, as well as former CLAS (CESG Listed Adviser Scheme) consultants.
The threat to information security is ever present, as the recent cyber attack against the NHS has highlighted.
We operate a fully digital solution and understand that the best policy for managing cyber security is good information security hygiene, implementing all applicable CareCERT recommendations. To achieve this we work in partnership with our suppliers to implement a five-step process supported by the NCSC and in line with Good Practice Guide (GPG) advice:
- Patching and operating systems
We operate Windows 10 workstations within the laboratory and Windows Server 2012 servers. Every computer and server is kept at the latest Windows update level under an open update policy: updates are applied as soon as the operating system vendor releases them, and in every case well within 30 days of release.
All computers and servers run anti-virus software, including Windows Defender where appropriate to the operating system.
- Manage network boundary
We maintain a secure network boundary, and no information is stored on portable storage devices. All confidential data is held on a secure server hosted by Rackspace. Access to this data is through a secure website encrypted with TLS 1.1 and TLS 1.2. The confidential data is stored in a database separate from the website within our hosted servers, and the database accepts connections only from a single approved IP address on a single port.
Our TLS configuration is maintained to an overall grade "A" rating, and we commission penetration testing of our website and servers.
Rackspace maintain our firewall and apply a multi-layered approach to securing their cloud services and infrastructure to meet the strictest industry standards, including ISO 27001 and 27002, PCI DSS, SSAE 16, SOC 1, 2 and 3, Privacy Shield and the Content Protection and Security Standard.
- Actively manage access and permission levels and passwords
System-generated passwords are issued to all users. Each user profile is actively managed within our LIMS, with access levels that restrict or grant access to the different classes of confidential data. Access levels are administered by the Laboratory Manager; the allocation of each level is determined and approved by our Caldicott Guardian.
- Monitor network activity proactively
All activity within our LIMS is tracked and audited, monitoring access and user behaviour and confirming that trained and best practices are followed in line with the policies defined in our QMS. We know who has made what changes and when, and when confidential data has been printed.
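As an added illustration of the kind of review such an audit trail supports, the script below is example code written for this page and is not part of our LIMS or of any supplier's product. It parses a constructed sample of audit records, checks each recorded action against a hypothetical role-to-access-level matrix (fail closed, so an unknown role or action is treated as a violation), and lists every print of confidential data and every change together with who made it and when. The record format, user names, roles and permission matrix are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime

# Hypothetical permission matrix (an assumption for this example): the LIMS
# actions each role may perform on each data classification. In practice
# these levels are administered by the Laboratory Manager and allocated
# under the Caldicott Guardian.
PERMISSIONS = {
    "lab_manager": {
        "confidential": {"view", "edit", "print"},
        "routine": {"view", "edit", "print"},
    },
    "pathologist": {
        "confidential": {"view", "edit"},
        "routine": {"view", "edit", "print"},
    },
    "technician": {
        "confidential": set(),
        "routine": {"view", "edit"},
    },
}

# Constructed sample audit records (not real LIMS output or patient data).
# Format: timestamp|user|role|action|classification|record|field
AUDIT_LOG = """\
2017-06-12T09:01:12Z|jsmith|pathologist|view|confidential|case-1042|patient_identifiers
2017-06-12T09:03:40Z|jsmith|pathologist|edit|confidential|case-1042|diagnosis
2017-06-12T09:15:05Z|akhan|technician|view|confidential|case-1042|patient_identifiers
2017-06-12T10:22:51Z|mlee|lab_manager|print|confidential|case-1042|report
2017-06-12T11:05:00Z|jsmith|pathologist|print|confidential|case-1077|report
2017-06-12T11:30:17Z|akhan|technician|edit|routine|block-5501|cassette_count
2017-06-12T12:00:00Z|guest|unknown_role|view|routine|block-5501|cassette_count
"""


@dataclass(frozen=True)
class Event:
    when: datetime
    user: str
    role: str
    action: str
    classification: str
    record: str
    field: str


def parse_log(text):
    """Parse pipe-delimited audit lines. Malformed lines raise rather than
    being skipped: a gap in the audit trail is itself a finding."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) != 7:
            raise ValueError(f"malformed audit line {lineno}: {line!r}")
        ts, user, role, action, cls, record, field = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(when, user, role, action, cls, record, field))
    return events


def is_permitted(event):
    """Fail closed: an unknown role, classification or action is denied."""
    allowed = PERMISSIONS.get(event.role, {}).get(event.classification, set())
    return event.action in allowed


def review(events):
    """Return what a reviewer wants from the trail: actions the user's level
    should not have allowed, every print of confidential data, and the
    change history (who changed what, and when)."""
    violations = [e for e in events if not is_permitted(e)]
    prints = [e for e in events
              if e.action == "print" and e.classification == "confidential"]
    changes = [(e.when, e.user, e.record, e.field)
               for e in events if e.action == "edit"]
    return violations, prints, changes


if __name__ == "__main__":
    violations, prints, changes = review(parse_log(AUDIT_LOG))
    for e in violations:
        print(f"VIOLATION {e.when:%Y-%m-%d %H:%M} {e.user} ({e.role}) "
              f"{e.action} {e.classification} {e.record}/{e.field}")
    for e in prints:
        print(f"PRINT     {e.when:%Y-%m-%d %H:%M} {e.user} printed "
              f"confidential {e.record}/{e.field}")
    for when, user, record, field in changes:
        print(f"CHANGE    {when:%Y-%m-%d %H:%M} {user} changed {record}/{field}")
```

In the sample data the technician's view of patient identifiers and the pathologist's print of a confidential report are both outside their assumed levels, and the unknown role is denied outright; a real review would be run against the LIMS export on a schedule rather than against an embedded string.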