Like most NHS organisations, SRFT found increasing demands were being placed upon them to demonstrate compliance, both at a local and more national NHS Digital level. Executive and external reporting was proving complicated and time-consuming – often requiring the need to delve into multiple security systems and piece information together; an approach that naturally leaves opportunity for error. The Trust wanted to be confident that what they were reporting was a true and accurate reflection of the state of the network.

“We were lacking a clear and concise view of our infrastructure”, said Richard Wakefield, Chief Technical Officer, Northern Care Alliance NHS Group. “We knew that to be assured of our defences and compliance we needed to have access to a picture of our network that we could trust.”

SRFT had been working with ITHealth for many years, benefitting from their flagship Secure-IT remote access solution, Sophos anti-virus and Sophos email security gateway protection. Trusting ITHealth’s NHS cyber security specialism and proven experience, the Trust explained its challenges. ITHealth quickly responded with its Assurance Dashboard Solution, which has been developed in collaboration with other NHS Trusts experiencing similar issues.

Fully managed by ITHealth, the Assurance Dashboard Solution pulls in-depth detail on all IP addressable assets linked to the SRFT network into a user-friendly dashboard interface. Intelligent reports present the findings in a meaningful and actionable way; NHS IT teams can quickly identify software and hardware vulnerabilities and any issues compromising security and compliance.

“CareCERT compliance in particular is made easier as the Dashboard automates much of the process”, said Janet Eivers, Digital Compliance Manager, SRFT. As CareCERT alerts are released, ITHealth inputs the threat detail into the Dashboard which then rapidly assesses associated vulnerabilities within the Trust’s network. The Dashboard highlights potentially affected assets, so the Trust knows exactly where to focus remediation efforts to ensure it remains protected. As much of the Dashboard detail is exportable, actionable worklists can also be pulled to assist with user workflows. “The CareCERT reports save us huge amounts of time and allow us to see at a glance and prioritise vulnerabilities”, continued Janet.

Being a managed solution, ITHealth provide monthly summary reports of the Dashboard detail to SRFT so the Trust can monitor changes in the network over time and disseminate key information to the board / external parties.

The Assurance Dashboard Solution has streamlined many routine security and compliance processes for SRFT, not limited to:

• Hardware and software identification and management
• Patch management visibility across the hardware and software estate
• User identification and user trends for capacity management
• CareCERT compliance monitoring
• Management reporting

SRFT benefit from the solution in the following ways:

• Being confidently assured at all times – the Trust can always access a truthful, reliable and real-time picture of its network.
• Enhanced security through increased network visibility – vulnerability and compliance issues can be more easily pinpointed, prioritised and addressed.
• Swifter remediation – the Dashboard flags priority areas and allows dynamic, exportable work lists to assist user workflows.
• Huge reduction in time spent on routine tasks – the IT team can focus their efforts on more beneficial projects.

“What I like best is that this system takes away any guesswork and opportunity for error in reporting; it presents a picture of the network and systems as they really are – making it easier to visualise risks and present accurate solutions”, concludes Janet Eivers, Digital Compliance Manager.