Proposal for Change: Guidance for using Open Internet Tools
simplybenuk opened this issue · 2 comments
Name of and link to existing standard this proposal relates to
Guidance for using Open Internet Tools
Purpose and description of proposed change
Think it needs to list all the approved OITs.
The checklist doesn't refer at all to cyber security, but then there's that last section that seems to suggest you need cyber approval to use one.
Existing related standards?
References to related external standards
MOJs approved list https://ministryofjustice.github.io/security-guidance/general-user-video-and-messaging-apps-guidance/#approved-tools
Just found the link to the existing approved apps, so ignore that part of my comment. I think this need to be linked in the checklist
Hi Ben,
The two documents https://nhsengland.github.io/it-standards/#/security/acceptable-cloud-tools and https://nhsengland.github.io/it-standards/#/security/guidance-for-using-open-internet-tools are designed to work together. The first of those now has a list of Corporate Tools which are largely centrally funded and supported, followed by a list of "approved tools" which are things that other, generally non-IT parts of the business have chosen to use - these are not being blocked by IT but probably have no support from us either. Then there is a short list of tools that must not be used.
Is this now sufficient to meet this issue or is more needed?