Information Governance and Technology Risks in NHS 2013
Information Governance and Technology Risks
NHS 2013
A Brave New World …
Peter Sheppard, South Coast Audit
Purpose of Session
Food for thought – Recognising Information and Technology risks
Constructive challenge – Posing the right questions to management
Internal Audit - Making effective use of your Internal Audit resources to obtain assurance.
The brave new world….
Governing Information Risk – Context and Expectations
Information risk to be managed in a robust manner
Assurance to be provided in a consistent manner
Structured approach is necessary
– Identify Information Assets
– Assign ownership
– Formalise and standardise information risk management
Builds upon existing NHS Information Governance
Information Risk Management Roles
Managing Informatics Risks
[Diagram labels: Risk Mitigation; Training; Policies; Processes; Confidentiality; Integrity; Availability; Obsolescence; Investment; Strategy; Testing; Innovation; Patient Safety; Technical controls; Project Management]
Source: ISACA
Consumerization of technology
Bring Your Own Device (BYOD)
Improving efficiency and effectiveness?
Empowering staff
Mobile working (getting care closer to patient)
Flexibility
Saving office costs
Enabling future organisational development
Does BYOD fit organisational needs?
BUSINESS CASE
Bring Your Own Device (BYOD)
Risks… the flip side
Sensitive Data Leakage
Unauthorised connection & Interception
Malware & data retrieval
Usability
Support costs
Theft
How do we mitigate the risks?
BYOD: Ideas to mitigate risks…
[Diagram labels: Risk mitigation; Policy & Standards; Device Management; Remote wipe and tracking; User Support and Training; Virtual Desktop Infrastructure; Encryption; Access Controls]
Assurance through Management and Internal Audit … Talk to us!
Informatics supports modern business processes.
Expect your management team to provide assurance
Use internal audit to gain independent assurance on the control environment
We can help by integrating Informatics Assurance within Internal Audit plans, Governance and Risk Management, as well as providing independent support and advice.
Peter Sheppard BSc (Hons) CISA CITP MBCS MRSC
Associate Director of IM&T Audit Services
01424 77 67 50 [email protected]