Data Security Standard 8 - unsupported systems
This guidance relates to the 2023-24 (version 6) standard.
Overview
Guidance and support is available from NHS England to ensure risk owners understand how to prioritise their vulnerabilities.
There is a clear recognition that not all unsupported systems can be upgraded, and that financial and other constraints should drive intelligent discussion around priorities.
Value for money is of utmost importance, as is the need to understand the risks posed by those systems which cannot be upgraded. It’s about demonstrating that analysis has been done and informed decisions were made.
No unsupported operating systems, software or internet browsers are used within the IT estate.
Standard 8, National Data guardian (NDG) review
Please refer to further note on professional judgement, auditing and UK GDPR.
Last edited: 28 September 2023 11:06 am