Changes to Information Governance (DSCR) - ISO27001 and Penetration Testing

ID: RM169

Version: 1.1.0

Type: Roadmap Item

Frameworks: Digital Social Care Records

Title: Information Governance (DSCR) - ISO27001 and Penetration Testing

Description: Uplift to the DSCR Information Governance standard.

Date Added: May 7, 2025

Standards and Capabilities: TBC

Change Route: Managed Capacity - Other

Change Type: Uplift

Status: Published

Publication Date: May 12, 2025

Effective Date: Sep 1, 2025

Incentives / Funding: No

Incentive Dates: N/A

Background

The DSCR Information Governance Standard was originally published in January 2023. It is now being uplifted to reflect changes made across Digital Services for Integrated Care domains.

Outline Plan

The DSCR Information Governance Standard will be uplifted to reflect changes to the DSIC Information Governance and Business Continuity and Disaster Recovery standards.

Summary of Change

The DSCR Information Governance standard will be uplifted to:

  • Include a requirement for the submission of annual penetration test reports

  • Include a MUST requirement for compliance with ISO27001, previously included within the DSCR Business Continuity and Disaster Recovery standard as a SHOULD requirement

Full Specification

The changes are as follows:

  • Include a MUST requirement within the DSCR Information Governance standard requiring the submission of annual penetration test reports

  • Include a MUST requirement within the DSCR Information Governance standard for compliance with ISO27001, previously included within the DSCR Business Continuity and Disaster Recovery standard as a SHOULD requirement

  • Remove the requirement BC-DR-2 from the current DSCR BCDR standard, as it will be covered by the revised DSCR Information Governance standard once published.

Assurance Approach

The assurance approach remains as is for DSCR solution suppliers required to comply with this standard. Assurance can be accessed via the DSCR Capability Assessment and Standards Assurance Process. All DSCR assured solutions will be required to be compliant with this standard by the effective date.