RSS042 - Data Safe Haven ISO27001
- Report Date
- April 2019
Report For April 2019
Achievements in the last Period.
Technical Controls
SIEM – Splunk
The Splunk consultant has implemented GPG13 and the Enterprise Security (SIEM) component. He gave a successful presentation of this on the 12th of April. While we have the key components in place, these need to be further refined and we need to develop the supporting procedures. The Splunk consultant is planned to be back on site mid-May. We will review SOP requirements at that stage.
Cryptography & Key Management
Several ISO27001 risks will be mitigated by implementing data-at-rest encryption, and we have identified a method of doing this. We have purchased the required key management and encryption appliance. We have an issue, however, in that we can't power this up at the ACF data centre due to a shortage of UPS (Uninterruptible Power Supply) at the site. We hope to get the encryption servers in by the end of June (with the Eddie Node Replacement).
NTP (Network Time Protocol) Server.
NTP Servers are due to arrive on the 21st of May. Cables and Antenna kit will arrive before then and we are arranging to get the Antenna placed on the roof ASAP. I would hope this is installed in both sites and signed off by the end of May.
Environment Patching.
OS Patching is covered within Policies and Procedures. However, NHS Lothian required a further step to achieve the standard prescribed by Cyber Essentials Plus. This requires that we patch every component related to the DSH (OS, application, server, switch, etc.) within 14 days of a critical patch coming out.
We are formulating an achievable position on this and would hope to have it by this meeting. Once we have agreed this position, we can plan a date when we can have the required patching in place and communicate this to NHS Lothian. This will form the basis of our ISO27001 position for patching.
Access Management
All SOPs relating to the UoE Standard have been written and passed to Neil Kell for review. These will still need UoE review and sign-off.
Asset management
We have written, reviewed and signed off all the required procedures for this. The next step is to identify all the required assets to go into the asset management tool (Device 42) and get it populated. This will be Rob Davies' primary deliverable.
Performance Metrics
We have documented the initial Performance Metrics. These will go through a few iterations of review and update. Aspects of this will need to be incorporated into the Splunk monitoring platform.
Operational Security
We've had an initial run through of this and have identified the SOPs that are required. These will be written and reviewed in due course.
Business Continuity
We had intended to spend a day on this with Neil Kell while he was here, but the day got taken over with Environment Patching, so we're a bit behind on this. Neil will pull together the info he already has and try to identify what our potential Continuity Scenarios are. We can then look at what our procedures would be to resolve these issues. Once we have that, we need to test them and gather evidence ready for audit.
Physical Security
The Cage was installed around the Backup Tape Rack at JCMB last week. We also had Neil Kell revisit the site and he confirmed that any other issues with the site seem to have been resolved. We have been given the ISO information related to ACF. While not everything, it should be enough to get through an audit. We still have a few procedures around keys, etc. to write, but that aside, Physical Security is almost complete.
Issues
We have blocking issues with UPS power at the ACF data centre, blocking us from progressing with the Encryption Solution and the NTP Server. This will also block us from putting in an additional VMware Server that's required.
We have an outstanding Medium Penetration Test issue that needs to be resolved before NHS Lothian will give us data. This has been with the Network team for a couple of months with no progress.
Key Tasks For Next Period
- As above.
Milestones
Stage | Milestone | Due Date | Previous Date | Complete
---|---|---|---|---
Plan | Complete Plan. | 28-Feb-2019 | No date available | No
Deliver | Governance | 28-Feb-2019 | No date available | No
Deliver | Roles and Responsibilities | 31-Mar-2019 | No date available | No
Deliver | Performance Metrics | 30-Apr-2019 | No date available | No
Deliver | Incident Management. | 31-May-2019 | No date available | No
Deliver | Complete Policy and Procedures. | 31-May-2019 | No date available | No
Deliver | Implement SIEM (Splunk) | 30-Jun-2019 | No date available | No
Deliver | Cryptography and Key management | 31-Aug-2019 | No date available | No
Deliver | Asset Management | 30-Nov-2019 | No date available | No
Close | Close Project | 31-Dec-2019 | No date available | No
- Approved budget
- 0.0 days
- Activity this month
- 0.0 days
- Activity this year
- 0.0 days
- Activity to date
- 0.0 days
- Estimate to complete current year
- 0.0 days
- Estimate to complete future years
- 0.0 days