Sidra Medicine (a member of Qatar Foundation) has achieved the benchmark ISO:27001 Information Security Management System (ISMS) certification for its entire information technology function and operations.
ISO:27001 is an internationally recognised standard to manage information security and the main reference to set out the requirements for an information security management system. The standard outlines the rules for implementing, operating and continuously improving the systems. Sidra Medicine’s ISO certificate was issued by TUV Rheinland, a German certifying body. It is one of the top testing and certifying organisations worldwide, in the areas of security, safety, and quality.
The ISO:27001 certification applies to the information security standards across the broad spectrum of IT services at Sidra Medicine, such as network and security infrastructure; operations; IT systems; end-user computing; analytics; enterprise and clinical applications; as well as imaging services. The implementation is aimed at protecting the healthcare organisation from business risks such as data leaks, hacking or regulation breaches.
Maha Al Henzab, Acting Executive Director of IT at Sidra Medicine, said: “Achieving the ISO:27001 was one of the major IT objectives for our organisation. It was a massive team effort including IT, facilities and supply chain management and human resources. With this certification, we can provide our staff, patients and different stakeholders an additional level of assurance regarding our IT systems and processes. The fact that this has been accredited by an independent certification body like TUV Rheinland also ensures the confidentiality, integrity and availability of our critical IT systems and data, particularly patient health information records.”