Could better understanding of ISO 27001 save the NHS time and money auditing their supply chain?

Steve Watkins, the Director, Training & Consultancy at IT Governance Ltd, spoke at the second North West Information Governance Conference in Blackburn, Lancashire last week on the subject of ISO 27001 information security and the IG Toolkit – the online system which allows NHS organisations and partners to assess themselves against the policies and standards of the Department of Health Information Governance.

Steve said, “We are finding considerable interest in ISO 27001 and the IG Toolkit from NHS IG practitioners. There are also growing concerns within NHS Trusts about how much reliance can be placed on supply chain information assurance arrangements.”

Organiser, Robert Irwin, explained why he invited Steve, who is also the co-author with Alan Calder of IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002, to speak about the relation between ISO 27001 and the IG Toolkit: “I am concerned about the misinterpretation of claims of ISO 27001 compliance and wanted to clarify how these should be interpreted and validated when managing information security through the supply chain. Properly trained and qualified ISO 27001 practitioners are able to determine exactly what weight to put on a claim of compliance and/or certification.”

The Information Governance Conference organised by the Lancashire & Cumbria IG Group covered a range of other topics on the IG Agenda for Health and Social Care organisations, including sharing personal information across organisations, correlation between IG Toolkit scores and FOI performance, enforcement by the ICO, and patient access to e-health records.

IT Governance offers foundation and advanced level ISO 27001 training appropriate for NHS IG practitioners who need to assess the level of compliance of their supply chain partners. For those who want the fastest route to success, consultancy is available. The company delivers a specialist NHS N3 Connecting for Health Consultancy Service designed to assist NHS organisations and suppliers in becoming N3-compliant and connected. A unique product called IG9 Documentation Toolkit is available from the company’s website which contains templates for Commercial Third Parties tackling an IG9 project themselves.

Interested organisations can find out more by telephoning + 44 845 070 1750 or e-mailing