The Information Security Policy states (page 3) ‘‘The PHS suite of Information Governance and Information Security Policies is under development, these will be made available on the PHS intranet and linked to in future versions of this policy.’’ The is also a commitment to communicate the Policy and associated policies and procedures to all staff (Information Security Policy page 4). The RMP (page 11) states ‘‘Following approval of the PHS policy, all staff will sign and accept the policy’’. The Keeper expects to be updated when this has taken place. […]
[T]he NHS Health Scotland IT Security Policy […] notes that all staff must confirm they have read and accept it before being given access to IT systems. Since submission, PHS have confirmed, following discussions with NHS NSS (who provide most of PHS’s IT services) and the development of a suite of PHS Information Security Policies, that a PHS IT Security Policy will be developed by the end of 2022. Updates on the development of this policy can be provided through the PUR mechanism. […]
Screenshots have been provided showing links to the NHS NSS IT Security Policy and IT Declaration form on the PHS staff intranet site. As noted above, PHS commit to making the new Information Security Policy and supporting policies available on the same staff intranet site. […]
PHS note several planned actions. These include carrying out penetration testing on network and websites on a regular basis and also monitoring non-compliant mobile devices and software. It is also noted that work will be undertaken to develop staff awareness and training, as well as a training needs analysis for information governance training which will include records management. The Keeper commends these commitments and can be updated on progress through the PUR mechanism.