What is Accreditation and why is it so important to the health sector

Those within the health sector across the UK are constantly finding themselves under added pressure. With continuous annual campaigns, staff shortages and an ageing population, there’s always more to be done, but with less time, money and resources available. This combined with the effects of the pandemic means that it’s never been more important for practices to choose reliable, accredited providers that support practices in delivering effective communications to their patient cohorts, so that they remain informed, engaged and up to date.

But what is an accreditation and what accreditations should health organisations look for, in a communications supplier?

What is an accreditation?

You want to partner with companies you can trust and develop a relationship with so that you can rely on and work together to meet your objectives. Accredited suppliers come with a wealth of experience and expertise to give you peace of mind that you are choosing a reliable, NHS approved supplier.

Here at CFH Docmail, we hold a range of accreditations and certifications and have done for over 30 years. As a processor of data, trusted partner and communication expert, we understand that holding these accreditations is vital for health sector confidence, knowing that your patient data and communications are handled, managed and produced in the best possible way.

But we also recognise that these accreditations and certifications highlight us as a provider of the very best communication service to our different customers. They allow us to demonstrate our practices and prove we are a trusted, reliable and ethical supplier, while also supporting our core brand values.

In this blog, our Accreditation and Certification expert, Michelle Underwood, is going to focus on some of our accreditations and certifications that are most relevant to the health sector, explaining what the accreditation is, why businesses may choose to achieve it and how we achieve it – which may also help you decide on partnering with us, to help you achieve your practice communication goals.

Data security and Information toolkit approved (standards exceeded)

What is it?

The Data Security and Protection Toolkit is a tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.

Why do businesses choose to achieve this?

All organisations that have access to NHS patient information must provide assurances that they have the proper measures in place to ensure that this information is kept safe and secure.

Completion of the DSPT is therefore a contractual requirement specified in the NHS England Standard Conditions contract and it remains Department of Health and Social Care policy that all bodies that process NHS patient information for whatever purpose provide assurances via the DSPT.

How do we achieve this?

It is an online self-assessment tool that involves us completing an assessment by responding to a range of questions. The DSPT is organised under the 10 data security standards and under each standard there are a number of ‘assertions’ that we work through. To complete each assertion, we are required to provide evidence items which demonstrate compliance with the assertion. Once this is done, we publish our assessment.

If an organisation achieves 'Standards Met' and also has a current Cyber Essentials PLUS certification recorded in its organisation Profile, then its status will be displayed as 'Standards Exceeded'. This is the status that we hold and have done since its inception as well as its previous incarnation, as the IG Toolkit.

As data security standards evolve, the requirements of the DSPT are reviewed and updated to ensure they are aligned with current best practice. Each year, we must review and submit our annual assessment.

Cyber Essentials Plus Certification

What is it?

It is a simple, but effective, government-backed scheme that helps companies to protect their organisation, whatever its size, against a whole range of the most common cyber-attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections businesses need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out. The scheme includes five key controls that when implemented correctly can stop the majority of cyber-attacks.

Those controls are:

• Secure configuration
  
• Boundary firewalls and Internet gateways
  
• Access controls and administrative privilege management
  
• Patch management
  
• Malware protection
  

Why do businesses choose to achieve this?

According to the UK government, achieving Cyber Essentials could prevent “around 80% of cyber-attacks”.

Cyber Essentials permits us to work with the UK government and Cyber Essentials Plus gives us the opportunity to work with the MOD. 

How do we achieve this?

Cyber Essentials and Cyber Essentials Plus certification applies to the whole CFH group that covers all three manufacturing sites and East Kilbride offices.

Certification to Cyber Essentials & Cyber Essentials Plus requires annual re-assessment which includes carrying out vulnerability/penetration testing on our external and internal network systems by an external independent body. We use BSI for the provision of these services and certification.

ISO 9001:2015 Quality Management System

What is it?

ISO 9001:2015 is a UKAS accredited international standard that specifies requirements for a quality management system (QMS). A QMS is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organisation's purpose and strategic direction.

In short, this accreditation demonstrates the quality controls we have in place to meet our changing customer requirements to a particular standard.

Why do businesses choose to achieve this?

Organisations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements. It helps organisations ensure their customers constantly receive high-quality products and services, which in turn brings many benefits to a business, including satisfied customers, management and employees.

How do we achieve this?

CFH Radstock (our head office) continuously maintain registration to ISO 9001 through BSI (certification governing body) and has held the standard since 1991. CFH Livingston (our site in Scotland) maintains registration to ISO 9001 through NQA (a separate governing body). PRINT.UK.COM (our site in Windsor) maintain registration to ISO 9001 through QMS International, a separate governing body.

Independent certification governing body BSI, carry out continuing assessments against the standard twice per year at the Radstock site. NQA carries out an audit of our Livingston site once per annum, and QMS International carry out an audit of the Windsor site once per annum.

ISO9001:2015 shows our commitment to providing a quality service to all our customers.

ISO 27001:2013 Information Security Management

What is it?

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. BSI published a code of practice for these systems, which has now been adopted internationally as ISO/IEC 27002:2013.

This is one of the most important accreditations we hold, as it demonstrates our ability to securely manage data.

Why do businesses choose to achieve this?

Information is critical to the operation and protection of an organisation. Being certified to ISO/IEC 27001 helps to manage and protect valuable information assets. The key concept of information security management systems (ISMS) is the ability to equivalently protect, maintain and improve confidentiality, integrity, and availability of our information assets that should be protected by the organisation.

ISO27001:2015 Underpins our commitment to take information security seriously and do all we can to protect any data that we have and keep it as secure as possible.

How do we achieve this?

CFH Radstock maintain registration to ISO 27001:2013. An independent audit is carried out by BSI, against the requirements of the standard twice per year at the Radstock site. PRINT.UK.COM has been added as an extension of scope to the Radstock certification to maintain registration to ISO 27001. The Windsor site is audited by BSI once per year as part of the schedule for both sites.

CFH Livingston maintain registration to ISO 27001:2013 through the NQA certification governing body. An independent audit is carried out by NQA, against the requirements of the standard once per year at the Livingston site.

The 3 ISO standards work on a 3 year audit cycle – 2 years of surveillance audits where samples of the standard are audited and then in the third year, a full standard re-certification audit takes place to ensure that we are meeting the required standard and can continue to display the ISO badge.

Other achievements we hold

So there you have it, some of our accreditations and certifications explained and they are just the start of it!

We are GDPR compliant and hold other accreditations, including ISO 14001:2015 Environmental Management, Forest Stewardship Council Certification (FSC) and Programme for the Endorsement of Forests Certification (PEFC).

We also have places on a number of frameworks including Crown Commercial Services and Shared Business Services for the NHS.

This combined with internal controls and processes we have in place to continuously manage our customer expectations and requirements; means we focus on delivering the best service and solutions possible to help achieve your practice goals and objectives.

Get in touch

Why not get in touch to find out more about the accreditations, certifications and processes we have in place and how we can help you achieve your goals with effective, reliable, industry leading communications. 

Or why not find out all about how our hybrid mail solution, the Docmail Print Driver, has helped practices transform their communications by reading our blog:
Medical Practices: Using the hybrid mail print driver