We are an experienced and technically skilled team that are here to guide you through the complex and sometimes daunting world of cyber security. Whether you are looking to audit your systems to ensure your data is safe or conduct penetration testing on a secure website, LHIS IT Assurance are here to help. We are Tigerscheme accredited. We also operate within the governance frameworks of other penetration and security accreditation bodies such as: Certified Information Systems Auditor (ISACA), Certified Ethical Hacker (EC-Council), Certified Forensic Investigation Analyst (CFIA), Certified Wireless Security Analyst (CREST).

We have extensive experience of security testing web applications, both within the public sector and for other national and global organisations. We also routinely conduct such testing for central government agencies. We have experience of testing all major web application systems, including: Apache, IIS, Ngnix, Joomla, WordPress, Drupal, SQL etc.

Along with our customer testimonials, our industry awards and accreditations show our professional competence and knowledge in this specialised area. It is important to us that we give assurance to our customers that we understand the industry expectations and standards governing IT assurance.

The IT security review service provides day-rate based Cyberscheme certified specialist security staff to conduct comprehensive application and infrastructure security and vulnerability testing.

The LHIS technical security service is scoped individually to ensure that the specific vulnerabilities that would expose a system or organisation to attack are identified. Once identified LHIS will provide recommendations to enable the organisation to mitigate the identified threat.

LHIS Code: SEC01

The LHIS vulnerability and penetration testing services provides day-rate based Tigerscheme certified specialist security and penetration testing staff to conduct comprehensive application and infrastructure penetration testing. The LHIS penetration service is scoped individually to ensure that the specific vulnerabilities that would expose a system or organisation to attack are identified. Once identified LHIS will provide recommendations to enable the organisation to mitigate the threat. LHIS security specialists have considerable experience of supporting public sector organisations including NHS Trusts, Local Authorities, Ambulance Trusts, NHS arms length bodies, etc.

LHIS Code: SEC02

The LHIS security auditing and assurance service provides organisations with a measurable technical assessment of a system, data centre, network, or the entire organisation, depending on the scope defined by the customer. Our IT security specialists provide feedback on areas of good practice and give visibility to any weaknesses or vulnerabilities.

Once auditing is completed, a report, together with recommendations for mitigations and remedial actions, is provided. LHIS ISO 27001 services enable organisations to comply with and if required gain ISO27001 certification.

LHIS Code: SEC03

An increasingly common mode of attack for cyber criminals is email phishing whereby an email is received by a user that appears to come from a legitimate source. If the user clicks on an embedded internet link or opens an attachment, they can then be infected with malware which can infect further areas of the organisations computer systems at a rapid rate.

A particular variant of this attack is ‘ransomware’ whereby the malware encrypts computer files and the organisation has to pay a ransom to get the cryptographic keys to unlock the files. LHIS Assurance provides a tool for evaluating an organisations risk exposure to such attacks by sending their staff a specially crafted email. Although the email is benign, we are alerted to users’ actions on receipt of the email and whether it is identified as a phishing message. If a user clicks the embedded link or interacts with the associated web site, this indicates a significant risk exposure to the organisation and demonstrates the need for further awareness training.

LHIS Code: SEC04

We have been involved with the government backed Cyber Essentials scheme since it was created and we were one of the first NHS organisations to achieve the certification.

As a result of our experiences, we now support a number of organisations in achieving the detailed requirements within the standard. To achieve accreditation your organisation will need to implement the 5 preventative controls across your IT estate which will provide a base level assurance in protecting your corporate and customer information.

We’ll provide you with a gap analysis of your current position and also provide technical support and practical advice in how to achieve the standard.

LHIS Code: SEC05

We have a wide experience of providing technical security training which is targeted to the specific learning objectives of the organisation. This can include technical security controls, security incident response, digital forensics or other area where the organisation wishes to increase its skills and capabilities.

LHIS Code: SEC06

Developing an effective IT security risk management framework is a core component of a robust governance framework and is a requirement of most information governance frameworks (e.g. ISO27001). LHIS Assurance can provide support and assistance in these areas and share our extensive knowledge and experience within large organisations.

This will ensure that the risk management framework provides an overview of the organisations IT security risk profile without adding additional administrative burden.

LHIS Code: SEC07

When conducting investigations, it is imperative that digital evidence is acquired in a secure and compliant manner. This is to ensure the integrity and validity of the evidence cannot be retracted. LHIS assurance has extensive knowledge and skills in this area and can support organisations where there is a need to acquire digital evidence in support of internal investigations.

LHIS Code: SEC08

When an IT security incident occurs, it is imperative that the processes and procedures that are used to respond are effective and prompt, to ensure the impact of the event is minimised.

LHIS Assurance can provide a tried and tested service to support organisations when such events occur. This can also include other important aspects of the security response process such as ‘root cause’ and ‘lessons learned’ exercises which are intended to provide the organisation with a mechanism for reducing the frequency and impact of such events.

LHIS Code: SEC09

When conducting investigations that involve IT systems, it is important that the processes for gathering information are compliant with digital forensics standards and that the information is interpreted and presented in a structured manner.

LHIS Assurance can provide expert support and guidance in this area and can deliver a support function that meets the specific objectives of the investigation being undertaken.

LHIS Code: SEC10

Most IT projects include a security component that is designed to understand and address the risks and threats to the operation of a new system or service. LHIS Assurance can support an organisation in providing services that assists in the scoping, evaluation and remediation of the identified risks. This can be conducted as part of the project management process or as a separate exercise, designed to supplement the project assurance processes.

LHIS Code: SEC11

Having achieved the ISO27001:2017 standard ourselves, we are able to share our knowledge and experience in supporting your ISO27001 journey. We can conduct an on-site assessment to highlight areas of weakness within your Information Security Management System.

At the end of this gap analysis, you’ll receive a report detailing your current weaknesses and areas for improvement. We can also support your ISMS by conducting routine audit exercises to ensure ongoing compliance with the standard.

Implementing the requirements of GDPR and the Data Protection Act (2018) can be a challenging exercise and many organisations are at different stages in their data privacy journey. You may have already have a full programme mapped out or you may still be confused as to where to start.

As GDPR qualified practitioners LHIS can provide quality assurance and advisory services to offer a comprehensive GDPR framework. We can do this by offering gap analysis support including data mapping and auditing both existing technical controls and policies/processes. We can also provide GDPR training to all staffing levels.

NHS Leicestershire Health Informatics Service (LHIS) are the first public body to receive the NHS Digital DCB1596 accreditation, allowing faster and secure communication between NHS organisations, local authorities and other secure government domains

LHIS has become the first public sector organisation in the country to be able connect its own local email system to NHSmail2, allowing thousands of staff across different organisations to better communicate, and share crucial information more quickly and securely. The landmark project could now help NHS organisations throughout the UK improve the secure sharing of patient information between health and social care professionals.