Secure by Design: Useful References

Some useful reference documents to consider when designing software systems for health data, to ensure they meet the information governance and security requirements of the Data Security Toolkit.

This is an old document from NHS Digital but it has useful advice on what is required in a system to meet IG requirements.

 

The OWASP Top Ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications and has been recently updated.

The 2021 Open Web Application Security Project (OWASP) Top 10 (https://owasp.org/Top10/) helps identify the most common flaws that our software should address. OWASP also publishes the Application Security Verification Standard (ASVS) to help ensure that standards are met. Full details are at the link.

Data Security Toolkit Support Documents

These two sections apply most directly to software development and to network systems and software. They are written to support the toolkit questions and are not specifically about how software should be built.

 


NHS Digital Use of Cloud Services Information

NHS and social care data: off-shoring and the use of public cloud services - NHS Digital

Data sharing standard 2a - Security Assurance - NHS Digital