Case Study: Major Hospital Technology Program - Information Security Manager

This project was part of a major initiative to fit out a new city-based hospital with information systems and infrastructure to support the requirements of a modern, state of the art, hospital. As with any project, when implementing technology it is important to ensure the protection of clinical data while ensuring those who need access are able to do so effectively. All of this needed to be achieved in tight and rigid time frames due to the complexity of moving a major hospital in its entirety.

Business Aspect was engaged by the Department for the provision of information security assurance and assessment services. By ensuring that Information Security is considered throughout the project lifecycle and stakeholders from the business to the support team are consulted, the security outcomes delivered are fit for purpose and help to support the business achieve its desired outcomes.

Business Aspect worked with the Department to ensure that the various sub-projects, from infrastructure to applications, that made up the hospital technology project were aligned with the Government standards. Where there were gaps to these requirements, risk assessments were performed so that the business could be effectively informed of any residual risks and the appropriate management actions be put in place to manage these risks on an ongoing basis.

A highly consultative approach was taken where the Business Aspect lead consultant worked extensively with project stakeholders and subject matter experts in ensuring that technology solutions were aligned with policy requirements or that appropriate compensating controls were deployed.  Controls included technology controls as well as process and behavioural controls.  Business Aspect was engaged early in the lifecycle of the project and remained engaged throughout key phases including providing ongoing advice throughout the deployment of technology throughout the hospital.