Introduction
This policy sets out the acceptable and unacceptable uses of BrisDoc’s Information Communication Technology (ICT) resources.
It forms part of our Information Governance Management System (IGMS) and aligns with the wider information governance framework, including the Data Security and Protection Toolkit. Compliance with the Toolkit is essential for the organisation to gain and maintain access to NHS systems such as the Health and Social Care Network (HSCN), NHS Mail, MS Teams, limited N365 applications, Spine, and clinical applications.
BrisDoc operates a Zero Trust security model. This means no user, device, or system is trusted by default, whether it is inside or outside our network. Each request for access is verified and granted only with the minimum permissions required, supported by appropriate conditional access controls.
We apply continuous authentication and consistent security checks to safeguard patient data, business information, and NHS systems. While this approach can feel more stringent than traditional IT security, it significantly reduces cyber risk and supports our compliance with NHS and legal requirements.