Proposal for Change: Guidance for using Open Internet Tools

[simplybenuk]

Name of and link to existing standard this proposal relates to

Guidance for using Open Internet Tools

Purpose and description of proposed change

Think it needs to list all the approved OITs.
The checklist doesn't refer at all to cyber security, but then there's that last section that seems to suggest you need cyber approval to use one.

Existing related standards?

References to related external standards

MOJs approved list https://ministryofjustice.github.io/security-guidance/general-user-video-and-messaging-apps-guidance/#approved-tools

[simplybenuk]

Just found the link to the existing approved apps, so ignore that part of my comment. I think this need to be linked in the checklist

[TotallyInformation]

Hi Ben,

The two documents https://nhsengland.github.io/it-standards/#/security/acceptable-cloud-tools and https://nhsengland.github.io/it-standards/#/security/guidance-for-using-open-internet-tools are designed to work together. The first of those now has a list of Corporate Tools which are largely centrally funded and supported, followed by a list of "approved tools" which are things that other, generally non-IT parts of the business have chosen to use - these are not being blocked by IT but probably have no support from us either. Then there is a short list of tools that must not be used.

Is this now sufficient to meet this issue or is more needed?