Georgia Hodgson, Test QA for Bluespier, explains why leading an information security project was a great professional development opportunity, what to expect from an ISO audit, and how the journey to certification resulted in some surprising internal culture changes.
Bluespier products are used by healthcare professionals in over 40 NHS Trusts and hospitals, serving millions of patients across the U.K. The NHS is demanding more from its technology suppliers with regard to data security, and ISO 27001 certification is increasingly becoming a mandatory standard for software supplied to the NHS.
“At first, leading the project was a bit daunting,” said Georgia. “As a healthcare tech product it’s so important for us that customers have complete trust in how we handle and look after their data so it was crucial the accreditation process went smoothly.”
“I’ve always had an interest in information security, but to know that our leadership team trusted and supported me to deliver on this was a huge confidence boost and professional development opportunity for me.”
To begin, Georgia attended an ISO accreditation training course to learn the details, the approach and what to expect from the audit. She also had access to the Clanwilliam ISO network, which included colleagues who had already been through the process, to ask questions and share experiences.
“That training and network was invaluable. It became clear that this is not just an information security piece but a cultural piece – my role was to guide the process but the end result is that the whole team needs to be equally responsible for self-auditing and thinking ‘ISO’ in every project we do.”
The comprehensive audit itself was rigorous, with the team undergoing six months of self-assessment against a certification test plan, followed by a detailed audit by the certification body.
Georgia explains: “Information security spans so much and a project like this really helps to focus your policies and procedures around actual real-life examples. We were tested on anything from how you’d maintain business continuity if you couldn’t access the office unexpectedly – which actually did happen to us one time when the key broke in the lock!! – to the steps if there is a patient data breach, how to correctly version and provide robust audit trails, and everything that helps maintain structured, proactive data safety.”
In December 2022, Bluespier was awarded its accreditation – joining three other Clanwilliam accredited product lines, Dictate IT, Informatica and Medisec. Clanwilliam can provide further assurance to its NHS customers that their data, and the data of their patients, is managed to the highest of standards. But the work doesn’t stop there.
“Now it’s about living out our procedures and processes and ensuring we’re keeping data security at the front of our minds at all times so our customers have one less thing to worry about,” says Georgia. “It’s made us work better as a team and as a software partner as we have such confidence in our approach – our culture has completely shifted and we work together in a completely different way which has been an unexpected but exciting output!”
“It’s a really proud moment to see processes that I’ve helped shape working in real life.”
Bluespier is part of Clanwilliam, serving our UK portfolio of healthcare customers. The clinically driven software suite helps to transform and modernise workflows in theatres, pre-operative clinics, virtual clinics and stock management in NHS Trusts and hospitals. To read more about how Bluespier’s products are transforming clinical care in theatres and beyond, visit: www.bluespier.com