Supply Management
- Bruce Miller (Staff)
PURPOSE
HIC Services requires the security of its information to be maintained in order to ensure that it is able to rely on its information for its business needs and meets its statutory, regulatory and contractual obligations. Such security is critical to achieve and maintain ISO/IEC 27001:2013 based security controls.Â
SCOPE
This will cover all suppliers to HIC which have an effect on the security of its information
RESPONSIBILITIES
Â
ROLE | RESPONSIBILITY |
Development Team | Responsible for implementing monitoring within applications and for actively monitoring the Service Catalogue for service status. |
PROCEDURE
StepsÂ
Where possible, service monitoring is performed throughout the entire life of a service / project within HIC. In the occurrence of an important event, relevant members of staff are notified. Levels of expected service will be agreed with the Client during the requirements stage.Â
Any organisation accessing, processing, communicating, or managing HIC’s information must do so such that HIC’s legal, regulatory and contractual obligations are met.  Â
Any handling of personal data beyond the HIC environment must obtain the necessary approvals from the data controller prior to processing  Â
Access to information assets and systems will be the minimum necessary to achieve business purposes. Â
Supplier personnel may only enter HIC’s premises with appropriate identification and may only enter areas of HIC’s premises commensurate with their function and, where appropriate (for example, in security areas), escorted by HIC staff. Â
Where a supplier is contracted to manage a service utilising or connected to HIC information, information assets or information systems, the supplier must ensure that an information security management system employed to secure HIC data, information assets or information systems is in place and where appropriate complies with ISO/IEC 27001. Evidence must be provided to HIC of compliance with the standard, either through formal certification or otherwise to HIC’s satisfaction before any HIC information, information assets or information systems are accessed by the supplier. Â
Suppliers must have a security incident reporting process in place to a standard and design acceptable to HIC to ensure that any incidents involving HIC information are immediately reported to HIC. Suppliers must agree to undertake any remedial action required by HIC and ensure that this is implemented in an auditable manner. Â
APPLICABLE REFERENCES
Registered company office address and registration number in the UKÂ
For Definitions see ISMS Glossary
QUALITY RECORDS
Supplier Assessment
Catalogue of suppliers
DOCUMENT CONTROLS
Process Manager | Point of Contact |
|---|---|
Keith Milburn |
revision number | revision date | revision made | revision by | Revision category | Approved by | Effective Date |
|---|---|---|---|---|---|---|
1.0 | 01/01.24 | Moved SOP to Confluence from SharePoint and updated into new template | Bruce Miller and Symone Sheane | Superficial | Governance Co-Ordinator: Symone Sheane | 10/01/24 |
1.1 | 04/04/24 | Updated Roles and Responsibilities | Bruce Miller | Superficial | Governance Co-Ordinator: Symone Sheane | 5/04/24 |
1.2 | 10/04/24 | Formatted document control table and added in revision category | Symone Sheane | Superficial | Governance Co-Ordinator: Symone Sheane | 10/04/24 |
1.3 | 19/04/24 | Updated Approved by title | Symone Sheane | Superficial | Governance Co-Ordinator: Symone Sheane | 19/04/24 |
1.4 | 30/04/24 | Updated Header to conform with BSI guidelines | Bruce Miller | Superficial | Governance Co-Ordinator: Symone | 30/04/24 |
Copyright Health Informatics Centre. All rights reserved. May not be reproduced without permission.
All hard copies should be checked against the current electronic version within current versioning system
prior to use and destroyed promptly thereafter. All hard copies are considered Uncontrolled documents.Â