Last November, Health Secretary Matt Hancock told NHS chiefs: “If you haven’t got your CIO [chief information officer] on board then you need to be asking serious questions of yourself.”
Hancock argued that CIOs were vital to developing the necessary systems and making best use of data, and that trusts should have a CIO “probably on their board, certainly reporting directly to the chief executive, and I find it very surprising many people are not moving in this direction”.
However, despite Hancock’s championing of tech leaders, the NHS is haemorrhaging them at a rapid rate. Among them is Richard Corbridge, former chief digital and information officer at Leeds Teaching Hospitals, who recently moved to the private sector after less than two years in the role.
Why are so many CIOs leaving?
While the higher salaries offered in the private sector are an obvious lure, Corbridge believes it is the NHS’s failure to prioritise and fund IT that is leading to the mass exodus.
“Hospital systems have yet to make the connection between poor IT capability – slow machines, bad WiFi and password multiplicity – and investment decisions at board level and beyond.
“The mantra ‘IT is not free’ needs to be still reiterated to every board in the NHS, digital ambition requires prioritisation and funding.”
Writing for The Telegraph, he said: “For a digital health leader, the situation is excruciating. The ideas are there, the intention is there, but without money to deliver innovation we’re stuck in a state of paralysis.”
A matter for the board
The support of the board is critical to the success of any IT or information security project. Faced with limited budgets, CIOs in the NHS can present a structured argument by way of ISO 27001, the international standard for an ISMS (information security management system), to maximise their chances of getting the necessary resources. The Standard is designed to help organisations manage their information security processes in line with international best practice while optimising costs.
ISO 27001 also supports compliance with a host of laws and regulations, including the NIS (Network and Information Systems) Regulations and the GDPR (General Data Protection Regulation), as well as the DSP (Data Security and Protection) Toolkit.
Manage your compliance
Compliance Manager is a comprehensive software tool that helps you meet your regulatory requirements, track your progress and maintain compliance in one place. Its interactive, customisable database lists the relevant clauses from each law, offers implementation guidance and maps the requirements against the appropriate best-practice controls from Annex A of ISO 27001.
For more information on how Vigilant Software can help you manage your data privacy and cyber risk, get in touch today.
Our easy-to-integrate, Cloud-based tools include vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool, GDPR Manager, Compliance Manager and CyberComply, our all-in-one platform for data privacy and cyber risk auditing, reporting and management. Book a demo today.