Public Board papers 31.03.22

11. Maintain operational stability by managing staff enquiries through the Tech Bar, upgrading systems and infrastructure, and ordering and deploying equipment etc. 12. Maintain the workforce in terms of wellbeing, recruitment to vacancies, PDR, and essential training compliance Objectives Evidence for September 2021 – February 2022 The key objectives for the period September 2021 – February 2022 were to: 1. Identify, prioritise, and ensure that the trust complies with all regulatory requirements and addresses key digital risks or has agreed mitigation in place 2. Identify, prioritise, and progress the key projects identified by the operational divisions; focussing on order comms, ward based electronic prescribing and document management. Reporting regularly on progress to the executive team and management board 3. Working with the executive team and CCIOs to improve clinical engagement across the Trust 4. Supporting the Research and Innovation division in preparing and submitting contributions to national competitive funding applications e.g. BRC, Major Centre renewal etc. 5. Working with the executive team to support staff in the digital team and to maintain a safe a sustainable digital service in preparation for the replacement of the current CIO 6. Maintain financial stability including realising contractor cost savings, implementing asset management changes and CIP returns 7. Maintain operational stability by managing staff enquiries through the Tech Bar, upgrading systems and infrastructure, and ordering and deploying equipment etc. 8. Maintain the workforce in terms of wellbeing, recruitment to vacancies, PDR, and essential training compliance Evidence of Delivery 1. Identify, prioritise, and ensure that the trust complies with all regulatory requirements and addresses key digital risks or has agreed mitigation in place Cyber response due to the Ukraine Crisis In late February, Digital services responded to the cyber security requirements required as a result of the Ukraine crisis and the heightened likelihood of a cyber incident. These were many, critical, with incredibly tight timescales. 3.0 4.0

A task force was set up, pulling staff off other duties. Business continuity plans and Disaster recovery plans were updated and circulated. Additional security measures required by NHS England were implemented. Extensive work undertaken by the deputy CIO to produce a risk framework. The framework provides a consolidated, auditable structure to Digital risks. For example, Cyber will continue to be a Digital risk; the framework ensures that individual cyber risks are represented in a cyber risk score that can be tracked over time and adjusted based on the current cyber threat level. All new risk assessments now consider a range of standard elements informed by the framework to help draw out wider reaching improvement actions, informed from a reporting structure beneath and visible to the senior team.

Risk Framework

105