IT services that also comply with NEN7510 are readily achievable

herma
May 16, 2023
4 min

IT organizations today face an enormous challenge: supporting beautiful healthcare solutions with IT services that are good, flexible and secure. Security and flexibility seem to be at odds with each other. Yet with good practice, this can be avoided. The solution does not lie in adding extra activities but in strengthening a more compact working method. This can also greatly reduce the workload caused by audits.

Threat

Hackers and calamities threaten not only IT services but also healthcare services. Systems held hostage, outages and data breaches affect operations and the client. No wonder the government wants to get a grip on quality with NEN7510, but also with MDR and the Medical Technology Covenant.

However, it is important to keep in mind the distinction between security (being secure) and compliancy (being compliant). Although security is more important than compliancy, compliancy is often required and can be used as a catalyst for achieving security.

The pressure on good services

At the same time, new IT solutions, techniques and practices offer so many opportunities for better care that rapid and flexible application is necessary. Under the influence of new developments such as AI, the pace of innovation will only continue to increase. This will put considerable pressure on manageability and stability. On top of that, well-trained IT employees are scarce.

One compact mode of operation

In ISM, the lessons from ITIL 4 and DevOps are applied in one compact, service-oriented way of working that creates valuable IT services. In addition, we translate compliancy requirements into actions within that way of working. The result is one way of working that has great customer value, is easy to navigate, and is more easily and demonstrably compliant.

This method is applicable not only by IT, but also by medical technology and facilities.

Simple principles

To arrive at a single integrated solution, a few simple principles were combined.

  • The working method determines the result - All IT services and systems result from the work of professionals such as functional administrators, system administrators and help desk staff. To create good services, it is crucial to organize the cooperation of these professionals in one compact working method.
  • Integrating security into the service - Security and compliancy are requirements for IT services. As such, they are service levels just like availability, functionality and user satisfaction. An integrated approach ensures the feasibility of all service levels.
  • Tooling - Without good tooling that supports the way of working, realizing secure services is impossible. Essential in this are:
    • Compliancy tooling - Standards such as the NEN 7510, Medical Technology Covenant and MDR contain requirements for the services in terms of Set-up, Existence and Operation. In the ISM compliancy tool, these requirements are translated into the activities that are needed; this prevents activities from being forgotten. These activities are also linked to the basic processes found in every IT organization, so that compliance comes under process control and responsibility and is easier to apply.
    • ITSM tooling - The TOPdesk and Ultimo solutions commonly used in healthcare support the chosen way of working. Recording the many repetitive security activities in these tools creates control and measurability. The same is achieved by implementing a good process design with attention to security.
    • BI dashboarding and reporting - It is important not only to meet the audit once a year; compliancy and security must be continuously demonstrable at the desired service level. It is therefore important that professionals and leaders have a continuous view of service performance. This increases security awareness and encourages focus and feasibility.
  • Collaboration with the CISO - Information security goes beyond IT services, yet they are a major determinant of security levels, perhaps 60-70%. It is therefore important for IT to work closely with the CISO from its own perspective.

The solution

Creating valuable IT services is a huge challenge for IT organizations. If, in addition, a lot of security work has to be done, a "mission impossible" arises. The only solution is to fully integrate IT, security and compliance with the way the IT organization works. This is only possible with a universal set-up of the working method that is compact, manageable and measurable.

The integrated ISM method provides all the tools for this.

Want to be completely updated? Also come to Zorg & ICT and visit Servitect at booth number 01.A023.
