Stratia Consulting

Important Changes to NHS Information Governance requirements and Stratia Consulting Cyber Security Consultancy services for the Healthcare sector.

Stratia Consulting offers Cyber and Information Security services to healthcare organisations within the private, non-profit and public sector. We address the governance, policy and management aspects of information security within a healthcare organisation, to help provide a culture that values, protects and securely uses information for the success of the organisation, its business partners and the benefit of its patients or service users.

Our advice and assurance services around compliance include annual submissions of the NHS Information Governance Toolkit (IGT), for organisations within the public and private sector infrastructure that are required to share, handle and process patient data or health and care information with the NHS. The IGT requirements for the many types of healthcare organisations are constructed around information governance management, confidentiality & data protection, information security and clinical information assurance.

The NHS Health Social Care Network (HSCN) is a private network designed as a reliable business resource to carry information, and it is only available to certain healthcare organisations. This is very different from a 'secure' network, in that the HSCN doesn't provide security against loss of, tampering with or inappropriate usage of the information it carries, or of the systems or services available through it, nor does it assure the authenticity of that information. Patient or Service User data being transmitted across the HSCN must use appropriate encryption. It also means that if you provide systems or services over the HSCN, it's the consumer's responsibility to secure them and to make decisions about who can access those systems or services.

Stratia Consultancy provides information security analysis and implementation guidance to help organisations conform to the HSCN Consumer obligations around ownership and responsibility to the HSCN Connection Agreement.

The Connection Agreement replaces the NHS N3 Information Governance Statement of Compliance (IGSoC). In doing this, the arrangements for being able to use the HSCN are separated from those relating to accessing data or systems available on the HSCN. Consumer obligations of the HSCN Connection Agreement include factors of incident reporting, cyber and information security, network monitoring compliance, securing information, access controls and information governance. These obligations are designed to help maintain the availability of the HSCN whilst improving the overall cyber security position of HSCN Consumers.

Stratia Consultancy’s Cyber risk assessment and management services for the healthcare sector provide business impact assessments and analysis of a healthcare customer’s information security management system and infrastructure. We will provide independent advice and fully document any measures required to address any identified risks, in line with recognised frameworks and HMG best practice, such as ISO 27001 or Cyber Essentials. We are also an official testing and certification body for schemes such as Cyber Essentials Plus and IASME Gold.

As a Cyber Security consultancy, other facilities provided to healthcare organisations are Privacy and GDPR Assessment services in the form of gap analysis and advice with respect to the Data Protection Act. This helps to ready a healthcare organisation for the requirements around the upcoming General Data Protection Regulation (GDPR).

About Stratia Consulting

Stratia Consulting is a specialist Information Risk Management and Security consultancy that delivers quality services to the UK public and private sectors.

We are an independent company, offering unbiased advice, that is wholly owned and governed by Information Assurance and Cyber Security specialists.

Stratia consists of a core management team of senior security consultants with several decades' worth of collective Cyber Security experience. This experience is gained from a wide variety of government departments, public services and the military, as well as finance, utilities and many other private sector organisations. Around this is a team of passionate and highly qualified consultants and diverse subject matter experts that can efficiently provide the right resources to address the specific project in hand.

Stratia Consulting holds the National Cyber Security Centre (CESG) Certified Cyber Security consultancy certification that has replaced the CESG Listed Advisory Scheme (CLAS). This status is the result of detailed scrutiny of us and our activities, by HMG’s National Technical Authority on Cyber Security, and allows us to act in their name on such matters, and provide best practice advice.

We are also an HMG Approved supplier for Cyber Security Services (on multiple frameworks) and an IASME Consortium Gold Certification partner for the IASME and Cyber Essentials Plus qualifications. Many of our principal consultants are certified ISO 27001 Lead Implementers.

0800 6440193