12
Information Governance and Technology Risks and Technology Risks NHS 2013 A Brave New World … Peter Sheppard South Coast Audit

Information Governance and Technology Risks in NHS 2013

Tags:

Embed Size (px)

DESCRIPTION

A presentation on Information Governance and Technology risks in the new NHS and making use of your internal audit resources to gain adequate assurance.

Citation preview

Page 1: Information Governance and Technology Risks in NHS 2013

Information Governance and Technology Risks and Technology Risks

NHS 2013

A Brave New World …

Peter SheppardSouth Coast Audit

Page 2: Information Governance and Technology Risks in NHS 2013

Purpose of Session

Food for thought – Recognising Information and

Technology risks

Constructive challenge – Posing the right questions

to management

Internal Audit - Making effective use of your Internal Internal Audit - Making effective use of your Internal

Audit resources to obtain assurance.

Page 3: Information Governance and Technology Risks in NHS 2013

The brave new world….

Page 4: Information Governance and Technology Risks in NHS 2013

Governing Information Risk –Context and Expectations

Information risk to be managed in a robust manner

Assurance to be provided in a consistent manner

Structured approach is necessary

– Identify Information Assets– Assign ownership– Assign ownership– Formalise and standardise information risk management

Builds on upon existing NHS Information Governance

Page 5: Information Governance and Technology Risks in NHS 2013

Information Risk Management Roles

Page 6: Information Governance and Technology Risks in NHS 2013

Managing Informatics Risks

Risk Mitigation

TrainingTraining

PoliciesPolicies

IntegrityIntegrity

ConfidentialityConfidentiality

ObsolescenceInvestment

Strategy

Testing

ProcessesProcesses

TrainingTraining

AvailabilityAvailability

IntegrityIntegrity

Innovation

Patient

Safety

Technical controls

Project Management

Page 7: Information Governance and Technology Risks in NHS 2013

Source: ISACA

Page 8: Information Governance and Technology Risks in NHS 2013

Consumerization of technology

Page 9: Information Governance and Technology Risks in NHS 2013

Bring Your Own Device (BYOD)Improving efficiency and effectiveness?

Empowering staff

Mobile working (getting care closer to patient)

Flexibility

Saving office costs

Enabling future organisational development

Does BYOD fit organisational needs?

BUSINESS CASE

Page 10: Information Governance and Technology Risks in NHS 2013

Bring Your Own Device (BYOD)Risks… the flip side

Sensitive Data Leakage

Unauthorised connection & Interception

Malware & data retrieval

Usability

Support costs

Theft

How do we mitigate the risks?

Page 11: Information Governance and Technology Risks in NHS 2013

BYOD: Ideas to mitigate risks…

Policy & Standards

Risk mitigation

Device Management

Remote wipe and tracking

User Support and Training

Virtual Desktop

Infrastructure

and tracking

Encryption Access Controls

and Training

Page 12: Information Governance and Technology Risks in NHS 2013

Assurance through Management and Internal Audit … Talk to us!

Informatics supports modern business processes. Informatics supports modern business processes.

Expect your management team to provide assurance

Use internal audit to gain independent assurance on

the control environment

We can help by integrating Informatics Assurance

within Internal Audit plans, Governance and Risk

Management, as well as providing independent Management, as well as providing independent

support and advice.

Peter Sheppard BSc (Hons) CISA CITP MBCS MRSC

Associate Director of IM&T Audit Services

01424 77 67 50 [email protected]


Governance and Performance Report - Welcome to NHS Lambeth … · GOVERNANCE AND PERFORMANCE REPORT NHS Lambeth Clinical Commissioning July 2017 Our Mission: Our Mission is to improve

Governance and Performance Report - Welcome to NHS Lambeth … · GOVERNANCE AND PERFORMANCE REPORT NHS Lambeth Clinical Commissioning July 2017 Our Mission: Our Mission is to improve

Documents
Social Media Governance - Beyond the Risks

Social Media Governance - Beyond the Risks

Economy & Finance
Embedding Equality, Diversity & Inclusion into NHS Governance

Embedding Equality, Diversity & Inclusion into NHS Governance

Documents
Implementation of collaborative governance in NHS

Implementation of collaborative governance in NHS

Documents
Nick Alp Milton Keynes Hospital NHS FT Oxford Radcliffe NHS Trust Bleeding risks in the major trials – It does matter

Nick Alp Milton Keynes Hospital NHS FT Oxford Radcliffe NHS Trust Bleeding risks in the major trials – It does matter

Documents
CODE OF CORPORATE GOVERNANCE 2017 - NHS Borders · SECTION B Members’ code of conduct ... Borders Integrated Joint Board will impact on the governance and functions of NHS Borders

CODE OF CORPORATE GOVERNANCE 2017 - NHS Borders · SECTION B Members’ code of conduct ... Borders Integrated Joint Board will impact on the governance and functions of NHS Borders

Documents
The state of corporate governance risks and opportunities

The state of corporate governance risks and opportunities

Documents
Glossary for NHS finance and governance (Wales)

Glossary for NHS finance and governance (Wales)

Documents
New Forms of Governance for the NHS?

New Forms of Governance for the NHS?

Documents
ADB’s Project Cycle: Managing Procurement Risks and Governance

ADB’s Project Cycle: Managing Procurement Risks and Governance

Documents
The Governance of Environmental Risks in Offshore

The Governance of Environmental Risks in Offshore

Documents
Governance of Operational/EHS Risks · 11/29/2017 · Governance of Operational/EHS Risks ... Sense of ownership of the EHS risks. ... PowerPoint Presentation Author: peter barlow

Governance of Operational/EHS Risks · 11/29/2017 · Governance of Operational/EHS Risks ... Sense of ownership of the EHS risks. ... PowerPoint Presentation Author: peter barlow

Documents
Board Governance and Emerging Risks in the C21

Board Governance and Emerging Risks in the C21

Business
Records Management and the NHS Code of Practice (Foundation) Information Governance Policy Team NHS Connecting for Health

Records Management and the NHS Code of Practice (Foundation) Information Governance Policy Team NHS Connecting for Health

Documents
The Healthy NHS Board Principles for Good Governance · We are delighted to introduce The Healthy NHS Board: principles for good governance, ... immediate policy imperatives ... The

The Healthy NHS Board Principles for Good Governance · We are delighted to introduce The Healthy NHS Board: principles for good governance, ... immediate policy imperatives ... The

Documents
Governance of Critical Infrastructures, Systemic Risks

Governance of Critical Infrastructures, Systemic Risks

Documents
All Wales Physician Associate Governance … Associate...2 NHS Wales Physician Associate Governance Framework ... NHS Wales Physician Associate Governance Framework 3 . ... If they

All Wales Physician Associate Governance … Associate...2 NHS Wales Physician Associate Governance Framework ... NHS Wales Physician Associate Governance Framework 3 . ... If they

Documents
IT Leadership, Governance, Strategic Risks Management, and Ethics

IT Leadership, Governance, Strategic Risks Management, and Ethics

Documents
CODE OF CORPORATE GOVERNANCE 2015 - NHS Borders

CODE OF CORPORATE GOVERNANCE 2015 - NHS Borders

Documents
Grant Thornton - NHS Governance Review 2013

Grant Thornton - NHS Governance Review 2013

Business
Review report: the regulation and governance of NHS charities · parties on final proposals to revise the governance of their current NHS charities that will remove regulation by

Review report: the regulation and governance of NHS charities · parties on final proposals to revise the governance of their current NHS charities that will remove regulation by

Documents
Cyuber NHS information governance toolkit IGT

Cyuber NHS information governance toolkit IGT

Healthcare
The Healthy NHS Board Principles for Good Governance · We are delighted to introduce The Healthy NHS Board: principles for good governance, ... 6 Purpose of this ... The Healthy

The Healthy NHS Board Principles for Good Governance · We are delighted to introduce The Healthy NHS Board: principles for good governance, ... 6 Purpose of this ... The Healthy

Documents
East of England Ambulance Service NHS Trust Governance Reviewtheresecoffey.co.uk/downloads/governance-report.pdf · East of England Ambulance Service NHS Trust Governance Review April

East of England Ambulance Service NHS Trust Governance Reviewtheresecoffey.co.uk/downloads/governance-report.pdf · East of England Ambulance Service NHS Trust Governance Review April

Documents
WIRRAL COMMUNITY NHS TRUST QUALITY & GOVERNANCE … 21-24 Committee... · WIRRAL COMMUNITY NHS TRUST QUALITY & GOVERNANCE COMMITTEE MEETING ... An alert had immediately been issued

WIRRAL COMMUNITY NHS TRUST QUALITY & GOVERNANCE … 21-24 Committee... · WIRRAL COMMUNITY NHS TRUST QUALITY & GOVERNANCE COMMITTEE MEETING ... An alert had immediately been issued

Documents
DEALING WITH GOVERNANCE AND CORRUPTION RISKS IN …

DEALING WITH GOVERNANCE AND CORRUPTION RISKS IN …

Documents
OECD Recommendation on the Governance of Critical Risks

OECD Recommendation on the Governance of Critical Risks

Government & Nonprofit
How Management & Governance Risks And Opportunities Factor ... · How Management & Governance Risks And Opportunities Factor Into Global Corporate Ratings November 7, 2018 Key Takeaways

How Management & Governance Risks And Opportunities Factor ... · How Management & Governance Risks And Opportunities Factor Into Global Corporate Ratings November 7, 2018 Key Takeaways

Documents
NHS Nottingham CCG West CCG CCG · NHS Nottingham North and East CCG, NHS Nottingham West CCG and NHS Rushcliffe CCG’ ... useful tool to compare practices. Governance . ... matrix

NHS Nottingham CCG West CCG CCG · NHS Nottingham North and East CCG, NHS Nottingham West CCG and NHS Rushcliffe CCG’ ... useful tool to compare practices. Governance . ... matrix

Documents
Across Cloud Computing Governance and Risks May 2010

Across Cloud Computing Governance and Risks May 2010

Documents