2020007

Request regarding Information Technology.

Published: 26 February 2020

Information requested

  1. Are the Data Centres operated by or for the organisation fit for purpose? For example, is there a Business Continuity Plan, is there Disaster Recovery in place or is it a single site?
  2. Is there any capital investment in data centres planned in the next 36 months? For example, Mechanical & Electrical or refresh of equipment within the DC such as network, storage area network?
  3. Is data privacy and/or information security compliance a priority for the organisation’s board?
  4. On your Organisation’s risk register, are there any Information Technology related risks?
    1. If time/cost allows, please list the top three related risks.
  5. Are the cyber security vulnerabilities within the organisation’s existing Information Technology estate increasing?
    1. Has the organisation had a security breach in the past 12 months?
  6. Did the organisation meet its Information Technology savings target in the last Financial Year?
  7. What percentage of Information Technology budget is currently allocated to “on-premises” capability vs “cloud” capability?
  8. Does the organisation have the skills and resource levels necessary for moving to the cloud?
  9. What percentage of the Information Technology department headcount are software developers?
  10. In relation to contracts with Amazon Web Services, Microsoft for Azure and/or Google for Google Cloud, was the monthly expenditure higher than budgeted?
    1. If yes, has the organisation been able to subsequently reduce the cost whilst maintaining service levels for users?

NHSCFA response

  1. Are the Data Centres operated by or for the organisation fit for purpose? For example, is there a Business Continuity Plan, is there Disaster Recovery in place or is it a single site?

    Yes, full business continuity and disaster recovery plans are in place.

  2. Is there any capital investment in data centres planned in the next 36 months? For example, Mechanical & Electrical or refresh of equipment within the DC such as network, storage area network?

    Yes, however this work will be provided by our contracted Management Infrastructure Supplier – Agilisys.

  3. Is data privacy and/or information security compliance a priority for the organisation’s board?

    Yes, the Board take a keen interest in our Data Privacy and Information Security compliance. NHSCFA is ISO27001 accredited and maintains compliance with the PSN Code of Connection. It was at the Board’s request that we monitor our Cyber Security as an organisation risk.

  4. On your Organisation’s risk register, are there any Information Technology related risks?

    Yes.

    1. If time/cost allows, please list the top three related risks.

      Cyber attacks

      Out of hours IT support

      Shortage of skilled IT and analytics resource.

  5. Are the cyber security vulnerabilities within the organisation’s existing Information Technology estate increasing?

    No, they are under constant review and mitigation with regular health checks (Penetration Testing).

    1. Has the organisation had a security breach in the past 12 months?

      No.

  6. Did the organisation meet its Information Technology savings target in the last Financial Year?

    Information Technology was delivered on budget.

  7. What percentage of Information Technology budget is currently allocated to “on-premises” capability vs “cloud” capability?

    There is no recorded percentage allocation, however currently we have a significantly larger on-premises capability.

  8. Does the organisation have the skills and resource levels necessary for moving to the cloud?

    The organisation has a combination of in-house skills and contracted suppliers with the required skills.

  9. What percentage of the Information Technology department headcount are software developers?

    32%

  10. In relation to contracts with Amazon Web Services, Microsoft for Azure and/or Google for Google Cloud, was the monthly expenditure higher than budgeted?

    As budgeted.

    1. If yes, has the organisation been able to subsequently reduce the cost whilst maintaining service levels for users?
