CASE STUDY

Ramsay Health Care UK

A partnership enabling the client to meet cyber resilience metrics

Overview

Ramsay Health Care UK is well respected in the healthcare industry for operating quality private hospitals and for its excellent record in hospital management and patient care. The organisation employs over 7,600 staff in the UK, has over 40 hospitals and facilities across England and treats over 200,000 patients each year. The supplier network required to support this is correspondingly large and complex. Like many healthcare organisations in the UK, Ramsay Health Care UK faced resource challenges, which meant additional help was needed in the area of supplier assurance. This led the Senior Management Team to seek Cyber & Information Security help from i3Secure.

The Challenge

As part of the Ramsay Health Care Global Cyber Resilience Programme, i3Secure was tasked with creating a long-term solution for supplier management. This included assuring over 240 suppliers already supporting the organisation, as well as creating a new end-to-end process incorporating supplier due diligence, risk management, specialist review of critical suppliers and senior management reporting.

Ramsay Health Care UK had specific assurance targets to meet for its key suppliers, and we were asked to devise an approach to enable this target to be achieved. We also needed to ensure that any processes introduced increased compliance with the DSPT Toolkit and the ISO 27001 Information Security Management System.

Our Solution

Our CISO consultant reviewed existing processes and systems traditionally used for supplier management and then, working collaboratively with in-house procurement staff, devised a strategy to meet cyber metrics (targets). OneTrust Supplier Assurance Software was brought in to manage the large quantity of clinical suppliers. New supplier due diligence questionnaires were created, designed to meet organisational requirements for the GDPR, DSPT Toolkit, Interoperability for software solutions, clinical safety and ISO 27001.

To work in conjunction with the supplier due diligence questionnaire, a new risk methodology and review process was introduced. Once the processes received senior management sign-off, i3Secure presented the new supplier management solution to in-house staff via a series of knowledge transfer workshops.

The Result

Our short-term engagement enabled Ramsay Health Care to meet Cyber Resilience targets efficiently and effectively. We achieved the desired outcome for the customer in a fraction of the time it would have taken in-house staff. Our team of consultants are experts in supplier assurance; they understand the pitfalls and how to navigate them, enabling i3Secure to provide an efficient, professional service and value for money.

At a Glance

  • Thorough review of existing supplier processes and systems.
  • Collaborative approach to devising strategy with in-house procurement teams.
  • Assurance software introduced and organisational requirements met with the introduction of due diligence questionnaires.
  • Risk methodology introduced and review process set up.
  • Organisational requirements met for the GDPR, DSPT Toolkit, Interoperability for software solutions, clinical safety and ISO 27001.
  • Long-term solution created for supplier management, along with knowledge transfer through workshops.
