Info-security first for the NHS of England and Wales


 May 31, 2002 

Two key agencies of the National Health Service of England and Wales (NHS) have become the first in the NHS to achieve an international information security award.

The award - BS 7799 registration - was presented by BSI, the global management system certification and quality assurance leader.

BS 7799 registration is widely regarded as the ultimate industry benchmark in information security, and the awards - to the NHS Purchasing and Supply Agency and the NHS Dental Practice Board - will reassure their customers about the security of their data.

Potentially, a single breach of information security could be catastrophic for any organization. For the NHS, whose stored information is vast and inherently sensitive, the risks are magnified. Medical records, patient files, and research information are stored on paper, computer disks and in peoples' heads. 

Nick Moy, managing director of BSI Management Systems, said: "All government organisations in the UK are required by the Cabinet Office to work towards achieving compliance with BS 7799. The Purchasing and Supply Agency and the Dental Practice Board must be congratulated for showing the enterprise and leadership to be the first in the NHS to gain this important benchmark.

"As the world's leading provider of BS 7799-related services, ranging from consultancy and training through to registration, BSI is proud to have been involved in this important achievement for the NHS. We are seeing a lot of interest among health authorities in other countries who are seeking registration, so these successes in the UK are likely to be the first of many, both within the NHS and worldwide."

NHS Purchasing and Supply Agency

The NHS Purchasing and Supply Agency ( aims to be the centre of expertise, knowledge and guidance on purchasing and supply matters for the health service. As well as advising on policy and the strategic direction of procurement, the agency also contracts on a national basis for products and services that are strategically critical to the NHS.

Its successful registration follows a challenging two-year work program that saw the agency review and reinforce its policies and management systems around the protection of the information it holds. BSI audits ensure that the agency complies with the standard and that its information management and security systems are continually reviewed and improved.

The NHS Purchasing and Supply Agency's head of IT operations, security and web development, Mark Buggy, led the project team responsible for achieving BS 7799. He said: “Achieving BS7799 certification ensures we operate good security and information practices. This is of the utmost importance as it enables us to safeguard against loss of data and it teaches us the value of information and its crucial role in our business."

Duncan Eaton, Chief Executive of the NHS Purchasing and Supply Agency added: “Information security is a priority for us. Much of what we do in the Agency involves creating, retrieving, analysing or storing information. We all have a responsibility to ensure that the information we work with is not abused or misused in any way, and achieving BS 7799 certification is testament to our efforts and commitment."

NHS Dental Practice Board

The other NHS organisation to achieve registration, the Dental Practice Board of England & Wales, ( provides a payment, treatment authorisation and quality audit service for NHS dentistry.

The DPB is a statutory NHS body, accountable to the Department of Health and National Assembly for Wales. Its activities are an important part of dentistry within the NHS. The DPB pays dentists practicing in the general dental services of the NHS and undertakes quality and financial audits associated with this to protect the interests of patients, dentists and taxpayers.

Ian Cooper, Data Manager for the Dental Practice Board commented: “We take information security seriously so it was a natural thing for us to want to comply with this British Standard. I am delighted that our hard work over the past twelve months preparing for the assessment has been rewarded. This was a team effort involving all our staff and our IT and data capture suppliers."

Registration to BS 7799 provides positive benefits to organizations, particularly in today's legal and regulatory framework. It helps businesses and public sector organizations to be more efficient by reducing the disruption and expense of recovering from potential information losses or misuse. It also reassures existing and potential customers and business partners. During the assessment of the DPB, BSI observed that: “a lot of excellent work has been completed", they went on to say that: “it is clear that the management team are committed to the operation and maintenance of the Information Security Management Systems."

The DPB beleives that work does not stop with the achievement of this standard; the challenge now for Ian Cooper and his colleagues is to maintain their performance, whilst looking for opportunities to continuously improve, in line with the DPB's commitment to continuous improvement.

John Taylor, chief executive of the DPB commented: “In the relentless pursuit of improvement, we combine public service ethos with commercial sector efficiency. We aim to be the benchmark for public management and so I am delighted that we have achieved this important strategic milestone."

Wilma Tulloch on +44 (0)20 8996 6330 OR
Marc Edney on +44 (0)20 8996 6330