Submission on behalf of Baronscourt Technology Limited
As an organisation that works extensively with the Health service in Ireland and the UK, we would like to highlight an area of Information Management that is largely ignored until a data failure occurs. This is the aspect of Information User accountability. Unfortunately we all live in a society where even the insurance companies, in the event of an accident, encourage us not to accept responsibility for our own actions. The blurring of the line between the computer being a business tool or an entertainment device has exacerbated the problem further.
Quite simply if the Health Service removes “ignorance as a defense” and increases the relationship between disciplinary action and accountability for information integrity, the state of information security within the Health Service will improve dramatically. There are numerous studies to show that the most tangible threat to the organisations information stores stems from within the company. This is usually termed the “Insider Threat”. Only by adopting a best practice Information security culture can data integrity have any chance of success. Automation should be adopted that gets people to sign up to best practice in order to do away with plausible deniability and slack work practices. Regular, at least quarterly, risk awareness surveys should be undertaken with all staff to measure if the information security culture is improving.
The UK has addressed this issue within Local Government by requiring all Local Authorities to have obtained ISO27001 by the end of 2009. This is a formal information governance standard that is common in industry and provides a readymade framework against which Health organisations can be directed.
In summary, the state of mind and attitudes of all parties involved in the Health Sector much change and be held accountable if systematic data loss is not to become the bane of the industry.
Robert O’Brien
CEO
Baronscourt Technology Limited
Carrownamaddy
Burt
Co. Donegal