Hot Topics

e-KSF Security Testing Completed Successfully

All aspects of the e-KSF service are routinely tested before release and data security is of course the highest priority for us. We also realise, however, that it’s important to have external confirmation of this. So the Department of Health commissioned an external IT security company, Qinetiq, to confirm that the e-KSF system meets the data security requirements for a tool of this type.

Qinetiq first tested e-KSF at the end of last year and produced a set of best practice recommendations. We implemented these, and Qinetiq have now re-tested the system and confirm that they are happy with the technology and processes we have in place to make sure that your data is secure.

You can read the formal briefing note about the security test, written by Gill Rose at NHS Employers, by clicking here link to “The e-KSF and data security April 2007”.

As always, you can contribute to a secure application by making sure that you:

• Make sure that each user of e-KSF has their own login – don’t share usernames! You should be able to share workload with the existing e-KSF processes like “delegate access”, “assign rights to edit post outlines”.


• Keep passwords secure – please don’t share your password with anyone, and if you think someone may have access to your password then change it to something secure and unique using the “edit personal details” button once you’ve logged in to e-KSF. In line with best practice, e-KSF now requires all passwords to be at least 8 characters long, with a mix of numbers and letters. Unlike some systems e-KSF doesn’t force you to change your passwords at regular intervals because we recognise that many people will only use e-KSF very occasionally. It is however still good practice to change your password every few months, though.


• If you share your computer with anyone else, don’t save your username/password to your machine – does your computer store your e-KSF username and password, so you can enter the first few letters of your username, then click to select the name, and the password gets filled in automatically? This may be a great time-saver, but if anyone else uses your computer it’s not very secure. You can tell your computer to stop saving usernames/passwords by opening Internet Explorer, clicking “tools…options”, then the “content” tab and the “Auto Complete” button. From here you can “clear history” to stop your computer adding the username/password, and also remove the tick from “usernames and passwords on forms” to stop your computer saving these in the future for websites.


• Don’t put any patient-sensitive data on e-KSF – it may be useful to refer to patient care when entering evidence for KSF reviews, but make sure that it’s not possible for anyone to identify the individual patient (either by name, or by reference to their unique situation).