Integrated Management System
McKesson Information Solutions (UK) Ltd has a general Integrated
Management System (IMS) which integrates the requirements of varying
standards and builds a single governance management structure.
McKesson’s management system is audited both internally, through
compliance auditing, and externally by Det Norske Veritas Quality
Assurance Ltd (DNV). The external certification consists of a 3-year
certification with 6-monthly periodic audits.
McKesson’s IMS includes two key management systems.
Quality Management
McKesson has a certificate of conformity to ISO 9001:2000 with TickIT,
awarded by Det Norske Veritas Quality Assurance Ltd (DNV). ISO 9001
is an international model for quality management systems, while TickIT
is an interpretation of ISO 9001 specifically for IT companies and sets
rigorous standards for controlling software development and installation.
The certificate is valid until October 2012. The scope of certification
reads: "The development, implementation and support of information
systems, the provision of systems integration, network management
and services, and the management of data centres, principally for the
healthcare market."
McKesson sought certification to ISO 9000 to demonstrate to its
customers (principally the NHS) its commitment to managing the quality
of its processes, through documented policies and procedures, through
employee induction and communication, through prompt reaction to
incidents such as complaints and system faults, through proactive
critical review of internal processes, and through a programme
of internal quality audit.
Security Management
The nature of McKesson's business demands that the company fully
understands the security implications surrounding the services it
provides. In the UK, security management arrangements are consistent
with the broad principles of BS ISO/IEC 27002:2005, BS ISO/IEC
27001:2005, ITIL and industry best practice. The procedures and
controls in place for all systems are continually reviewed to ensure
that they continue to meet the requirements of relevant standards and
the other guidance which informs McKesson's security practices.
McKesson Information Solutions (UK) Ltd has a certificate of conformity
to ISO/IEC 27001:2005, awarded by Det Norske Veritas Quality
Assurance Ltd. in October 2006 and valid until October 2009. The scope
of certification is defined as:
"The information security management activities associated with the
development, implementation and support of information systems,
provision of systems integration and network management services, and
the management of data centres, principally for the healthcare market, in
accordance with the latest version of the statement of applicability".
McKesson sought certification to ISO 27001 to demonstrate to its
customers (principally the NHS) its commitment to managing the
security of its information. NHS organisations themselves have a
mandate from the NHS Information Authority to comply with ISO 17799 (a
related standard) amid concerns for security of confidential patient data.
McKesson (UK) is one of only 395 companies in the UK to achieve
certification to ISO/IEC 27001 (figures correct as at May
2009).
McKesson (UK) has also been assessed against HMG Information
Assurance No.1, complying with Baseline Countermeasure Sets 3 and
the Security Policy Framework, for managing HMG data to RESTRICTED
level.