Hospitals must meet standard to prevent ICT failures by the end of 2023

NEN 7510 contains requirements for the information security management system and guidelines for management measures

Most failures lasted between six and eighteen hours, and at least eleven failures started with a technical part of the infrastructure, for example because that part broke. None of the outages investigated were caused by a security issue.

Based on these fourteen failures, the IGJ recommends that hospitals improve the existing infrastructure and management procedures. In addition, they must practice more for crisis situations, make clearer agreements with ICT suppliers and improve communication.

Can I also find that report somewhere*? I’m curious what it’s like now. If most of the problems /start/ with a technical part, then I don’t understand why management systems and control measures are needed. Management systems and policy will of course not prevent parts from breaking down.

Management systems and good management can ensure that small defects and malfunctions turn into major problems and malfunctions. For example, you can have rules such as that you have to make backups and that you have to run servers twice. This ensures that small problems remain small.

When you put it that way, it’s a bit bland and misleading to say that the problems start with “technical parts”. That’s a bit like saying the floor gets wet because it rains. That’s true, but the problem is the hole in your roof, not the rain.

In that case, the problem lies in policy, not technology. In my experience, most technical failures (such as power supply and hard drive failures) are very predictable and most administrators know to take that into account. However, getting the budget and time to do it right is very difficult (as everywhere, not just in IT).

I think it’s typical, I don’t see anything different. People say the problem is in A and that’s why they’re going to change something in B, because B is their specialty (?). Managers say that technology fails and that they will solve it with management. Techies say that management fails and think they can solve it with a small script. Then either the problem statement is incorrect or the solution is not correct.

You have to solve technical problems with technology, you have to solve policy problems with policy, you have to solve management problems with management. You can rarely interchange it. Identifying the (correct) problem is the first step. So, where is it really going wrong?


* I found a summary:… Stuurders-en-ict-managers

  • Lesson 1: improve the existing infrastructure and tighten the management procedures
  • Lesson 2: practice more!
  • Lesson 3: make clearer agreements with ICT suppliers
  • Lesson 4: improve crisis organization and communication
  • Lesson 5: Involve the region in crisis preparation and assessment

Only the first point seems to have something to do with technology. And what goes wrong:

In some malfunctions, overdue infrastructure maintenance played a part. For example, because networks had become unnecessarily complicated over time through the merger of organizations. Or because the hospital had replaced certain parts too late. In other cases, the hospital did not have enough knowledge and/or documentation about the setup of the infrastructure. Sometimes there were not enough expert staff available. Hospitals also did not follow existing (change) procedures

Parts replaced too late? I am thinking of redundant hardware (RAID, dual power supply) that is not monitored. The rest has even less to do with technology.

I’m not saying that the problems are wrong, but just pretending that “technical failures” are the big problem is misleading.

