Effective Governance and ISO 27001 

​Maintaining strong governance and adhering to the ISO 27001 standard is essential for the success of our Intelligent Automation (IA) and Robotic Process Automation (RPA) programs, and here's why:

Firstly, these governance processes and the ISO 27001 standard provide a solid framework for managing information security. In the realm of IA/RPA, where we handle sensitive data and critical processes, ensuring information security is paramount.

Adhering to these standards helps establish robust data security measures, safeguarding against breaches and unauthorised access. This is not only vital for patient safety but also crucial for meeting regulatory compliance requirements.

Secondly, ISO 27001 promotes a culture of continuous improvement and risk management, which is particularly important in the ever-evolving landscape of automation. Regular assessments and audits allow us to proactively address security concerns, enhancing the resilience of our program against emerging threats.

Additionally, obtaining ISO 27001 certification builds trust with stakeholders, partners, and, most importantly, our patients.

This trust sets the foundation for the long-term success of our IA/RPA program. In summary, compliance with ISO 27001 is critical to ensuring the strength, security, and sustained success of our IA/RPA initiatives.

Discover more about our Robotic Process Automation (RPA) program in the National Health Service (NHS) and Healthcare sector by reading our Blueprint.

IA robot - governance
Screen Shot of Governance Library

Key Areas of Governance

​In August 2023, we retained our ISO27001 certification, after being external audited by BSI. We also met the requirements of the 2022 standard.

In anticipation of this, we established four distinct areas to address our governance requirements.

1. ISO 27001 Policies (10) covering the controls associated with Software development. 

2. Standard Operating Policies (17) covering our Application Lifecycle Management (ALM).

3. Gateway Documents (4) covering the requirements of our Gateway locks.

4. Associated documents (8) covering both our and stakeholder responsibilities.

We also follow Prince2 agile project methodology, having both Foundation and Practitioner qualified team members.