How Ardens were able to protect data and reduce work on accreditations compliance with an ISO 27001 certification
Ardens Healthcare Informatics
The Requirement
Ardens Healthcare Informatics is a leading provider of Clinical Decision and Data Analytics used by around 6000 SystmOne and EMIS Web healthcare practices across England. Ardens has contracts with many ICBs, STPs and PCNs across England and many other groups too. Ardens have also worked with the RCGP, BMA, Wessex LMC, Vanguards and Prisons. Ardens is a clinically and technically led company which understands the issues faced within Primary Care on a daily basis. The whole team is passionate about using informatics to improve patient care and continues to evolve with its ever changing healthcare environment.
As the data that Ardens Clinical and Ardens Manager deals with is healthcare related and therefore categorised as sensitive, data security is paramount to the business. A few years ago, Ardens identified that an ISO 27001 certification would not only put formality around its information security management processes but also give its contracted partners the confidence that any data that was processed by Ardens would be secure.
The Ardens team knew that the ISO certification process involved a lot of detailed work around the standard, so set about looking for a provider to offer expertise and guidance throughout the process.
To learn more about ARU’s requirements, read the full case study.
“Everything has gone really well, working with the DigitalXRAID team, and we want to continue the relationship because the support has been invaluable to us.
All the work that has happened behind the scenes, checking the policies, has been spot on. We received detailed guidance throughout the process to ISO certification and beyond, which is exactly what we needed to succeed.”
Mick Smith, Senior Support Manager and Compliance Officer, Ardens Healthcare Informatics
The Solution
After conducting some online research into ISO certification providers and speaking with a few providers about their service, DigitalXRAID was chosen as the best fit for Ardens.
DigitalXRAID immediately set about understanding the requirements that Ardens had in line with their healthcare contracts and sensitive data handling, and supplied a detailed outline of what would be needed throughout the process.
Before certification, work was needed to create the standards and test the audit process, to ensure that everything met the ISO 27001 standards and controls. The DigitalXRAID team provided guidance so that this process wasn’t arduous and to ensure that everything produced was in line with the ISO standard.
DigitalXRAID completed a risk assessment and gap analysis for Ardens to assess what processes, information security management systems and controls had been put in place and what areas needed action. Any areas of improvement that had been identified in the initial gap analysis, and recommendations to implement the framework to become ISO 27001 compliant, were made and put into action.
Following a two-stage audit process, conducted with a UKAS certified body, all internal documentation, policies and processes were validated with no non-conformances, and Ardens was awarded the ISO 27001 certification on the very first assessment.
To learn more about the results of the ISO 27001 framework implementation, read the full case study.
Cyber Security Experts
Accredited and regulated, we're in the top 1% of cyber security agencies globally
We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.
Protect Your Business & Your Reputation.
With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.
