
Description: Info Sec at PKB, includes encryption, access control, logging, IDS and patching

Next review on: add date of next certification due

Review cycle: 6 monthly

Patients Know Best is NHS Data Security and Protection Toolkit (DSPT) and Cyber Essentials Plus certified, ISO27001 compliant and follows the strict information handling requirements of these standards.

...

Multi-Factor Authentication (MFA)

Patients Know Best have a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO. Passwords are stored in a company managed password manager.

Patients Know Best supports OTP Single Sign-On (SSO) for secure identity and credential management, including with systems such as EMIS and SystmOne. Additionally, PKB allows patients to open their PKB healthcare record using NHS login.

Patch management

Patients Know Best's patch management process pushes security updates fast and consistently, within patch remediation objectives. Upon finding an issue in the production environment, PKB evaluates it to determine the impact. If an issue indicates a significant disruption to the functionality or performance of the system, or is considered a potential clinical/IG risk, then a patch/release is scheduled as soon as a fix is ready. For critical issues downtime may occur during the day; otherwise the fix will be scheduled in the evening when usage is lower.

Secure Development Lifecycle

Patients Know Best’s approach includes peer review, automated testing, and static code analysis prior to deployment into production.

Responsive software development means new features, resiliency improvements and bug fixes arrive seamlessly, bi-weekly or more frequently in the case of critical patching.

Patients Know Best practises Agile software development, with a general lifecycle enforced by CI/CD controls. Customer data is never used as part of the development lifecycle or testing.

...

Cloud host security

The Patients Know Best platform is deployed as a multi-tenant Software as a Service (SaaS) architecture and runs on fault-tolerant servers at Google Cloud Platform (GCP).

In addition to the managed services used by Patients Know Best infrastructure, GCP provides physical security and environmental protection controls, including the use of secure perimeter defence systems, comprehensive camera coverage, biometric authentication, and 24/7 guard staff. GCP also enforces a strict access and security policy at its data centres, ensuring all staff are trained to be security minded.


Business continuity and disaster recovery

Patients Know Best's Business Continuity and Disaster Recovery (BCDR) strategy is a proactive and comprehensive plan designed to ensure uninterrupted operations and data resilience. Data security and availability are top priorities, with encryption and access controls in place; the PKB architecture ensures data resilience, and we maintain full redundancy for critical services. Regular testing and validation are performed, and the plan is reviewed and approved annually.