Update April 2023

Following a resources re-prioritisation, the PM has been assigned to support efforts in the higher priority projet MVM317 Lothian Health Board Framework Agreement Implementation.

As a result, decision was taken to suspend this project at the Programme Review Monthly Meeting - April 2023.

MVM Head of IT and his deputy will review and refine the scope before the project is unsuspended.

Overview

CMVM is seeking to develop its own action plan in relation to information security, following internal audit work performed in CSE and CAHSS in late 2021. 

Within CMVM, development of good local practice will concentrate on the following prioritised areas -

• local information security governance groups at relevant levels
• establishing local information security roles and responsibilities
• identifying the priority for gap analysis, either the whole College against the Information Security Policy and Standards or only for the areas encompassed by NHS Lothian Framework Agreement (the Scottish Government Cyber Resilience Framework)
• undertaking the gap analysis and relevant actions (a separate project may be required depending on the priority)
• maximising uptake of internal Information Security Essentials training
• distribution of best practice information security guidance in easily understood and available formats to the CMVM community.  

Scope

Information security in CMVM; maximising adoption and update of agreed good practice.   

Out of Scope

Development of UoE-wide information security standards and associated KPIs - this falls under the remit of the CISO/InfoSec team.