The aim of the NHSS Information Security Policy Framework is to set out - at an appropriately high level - the mandatory common components that must be embedded in each Board-level Information Security Policy  and own information security management system (ISMS) so that the risks relating to the confidentiality, integrity and availability of all types of written, spoken and computer information are managed.

We have produced a range of support material to help you comply with the new  Network and Information Systems regulations, such as guidance publications and template reporting forms.

Over time we also intend to publish case studies illustrating ‘lessons learned’, or where we have taken action. Our overall aim is to encourage compliance by providing useful information and resources.

You can find the latest documents, which are developed on an ongoing basis, in the Scottish Health Competent Authority site.

Further information and resources available here.