Amalgamation of the Information Security Policy Framework and the Scottish Public Sector Cyber Resilience Framework.

Posted by: sysadmin - Posted on:

The categories and controls defined by the NHSS Information Security Policy Framework: 2018 (now superseded) were previously adopted as the basis for the NIS Audit and Review Programme. To harmonise with Local Authority Care Services security assessments and to ensure consistency across public bodies, the audit was structured in a manner consistent with the Public Sector Cyber Resilience Framework. This had the additional benefit of enabling health boards to use the Scottish Government’s self-assessment tool if they wish.

The Scottish Health Competent Authority advises that from 2022 onwards the NHSS Information Security Policy Framework: 2018 shall no longer be in use. The Scottish Government Cyber Resilience Framework, which applies to all public bodies in Scotland, including health boards and Local Authorities, shall be wholly adopted as the framework against which NIS compliance audits shall be conducted. This provides a uniform set of criteria for cyber security across all public bodies and, for health, has the added benefit of better enabling the integration of health and care between the NHS and Local Authorities in a manner consistent with the Digital Health and Care Strategy.