Ordr Announces Integration with ServiceNow Vulnerability Response Read more here!

Ordr

Request a Demo Search

Author: Pandian Gnanaprakasam

A special blog for October Cybersecurity Awareness Month

In an era where data security is paramount, we at Ordr, specializing in comprehensive security solutions for connected devices, prioritize safeguarding customer information as a core mission. One pivotal step Ordr has taken in securing data is earning SOC 2 compliance with a specific focus on Organizational Governance and Structure. I want to use this blog to delve into what our SOC 2 implementation journey means, how we steadfastly uphold our commitment to data security, and the significant benefits this provides to both our internal operations and customers.

Why is SOC2 Critical?

Service Organization Control 2, or SOC 2, is a widely recognized framework designed to assess and report on customer data’s security, availability, processing integrity, confidentiality, and privacy. It is a rigorous set of standards that validate an organization’s dedication to safeguarding sensitive information. By going through the process, SOC 2 certification validates:

  • Ordr’s ability to connect people, process, and technology to provide the services continuously.
  • Ordr’s ability to provide response during a critical security event.
  • Ordr’s ability to provide services in case of failure to the hosted data center with no impact to customers.

Those validations are important to us and for those organizations that put their trust in us. Ordr allows its customers to gain visibility into their complete attack surface. We do this by collecting a wealth of information from the infrastructures where Ordr is deployed. That data is critical for closing visibility gaps and understanding the context of data flows and device operations that allow us to deliver the highest level of security possible. Ordr takes pride in providing these services and makes data security a paramount requirement. We at believe these are core components to any SaaS solution and should be tested once a year to make sure all the above-mentioned factors are in sync.

[SOC 2] validations are important to us and for those organizations that put their trust in us.

Our SOC2 Journey 

Our SOC 2 compliance journey has been ongoing for the last several years, and each year the scope has expanded. Our commitment is not limited to specific aspects of our operations; it encompasses the entire development process, our entire employee population from onboarding to continuous training, and our customer onboarding and training processes. This comprehensive approach demonstrates our unwavering dedication to protecting our customers’ sensitive information.

  • Change Management: Our meticulous change management processes translate to a reduced risk of service disruptions, ensuring the uninterrupted operation of critical services for our customers.
  • Risk Management: By systematically identifying and mitigating potential security threats and vulnerabilities using a risk registry, we enhance the safety of our customer’s data and services.
  • Vendor Management: Customers benefit from our rigorous vendor management practices, which assure them of the security standards upheld by third-party vendors, going above and beyond merely reviewing vendor certifications like SOC 2.
  • User Access Management: Enhanced user access controls mean customer data remains accessible only to authorized personnel, minimizing the risk of unauthorized access.
  • Data Storage: Secure data storage practices give our customers confidence in protecting their sensitive information, safeguarding it from breaches and unauthorized access.
  • Hiring, Onboarding, and Employee Training: Customers benefit from a workforce that is not only vetted but also continuously trained to uphold the highest standards of security, thus reducing the risk of insider threats.
  • Incident Management: Well-documented and tested incident response plans mean that potential security incidents are swiftly and effectively handled, minimizing the impact on customer operations.
  • Logical Access: Enhanced logical access controls reduce the risk of data breaches or unauthorized access to customer systems and data.
  • Endpoint Security: The bolstered endpoint security ensures that our devices and endpoints are safeguarded against malware, viruses, and other security threats, reducing the risk of service disruptions or data compromise.
  • Data Resiliency: This allows Ordr’s service to run from another data center in case of failure to the primary data center and it means we are able to maintain SLA commitments provided in customer contracts.

Our commitment to SOC 2 compliance extends to additional rigorous controls. Every code commit undergoes a security review by an expert separate from the developer and code reviewer, ensuring that security considerations are meticulously addressed. We regularly test data resiliency between cloud locations for seamless failover, and we scrutinize every laptop for compliance with policies like firewall, encryption, and the presence of endpoint detection and response (EDR) and mobile device management (MDM) solutions.

When done right, with a diligent auditor that is allowed go through every employee, every customer, every line of code, every vendor, the SOC 2 process is more than worthwhile.

Our auditor, Geels Norton (BTW, highly recommended), is renowned for their diligence in auditing. Instead of reducing scope, we have consistently accepted a broader scope and higher standards by Geels Norton and actively strive to achieve and maintain these elevated security levels.

SOC 2 Does Matter

I am very aware of the ongoing and vigorous debate about the value of earning SOC 2 certification, that it is a waste of time, that organizations are finding ways to water-down the process and that, as a result, the process has become little more than window dressing. We take the opposite view. When done right, with a diligent auditor that is allowed go through every employee, every customer, every line of code, every vendor, the (painful) process is more than worthwhile. It gives an organization the information it needs to beef up controls and quantify its performance. Done right, SOC 2 demonstrates a top-to-bottom commitment to security.

Ordr’s achievement of SOC 2 compliance in Organizational Governance and Structure underscores our enduring commitment to security. We continue to vigilantly monitor our systems and processes, ensuring they comply with SOC 2 standards. Furthermore, we remain steadfast in our commitment to optimizing our security posture, proactively staying ahead of emerging threats, and ensuring that our customers can trust us with the highest level of data protection.

Overview

Enterprises are a complex mix of devices, applications, and data, and the speed at which they are changing is growing exponentially. Look just about anywhere in the modern technology estate and you’re bound to find connected devices that either didn’t exist or weren’t designed to connect to the network even five years ago. Modernization and digital transformation are major factors that have driven the demand to connect more things to networks in an effort to collect and exchange data and enable new services. And as innovation continues apace, we can expect to see further escalation in the numbers and kinds of devices that connect to the network.

With all the benefits of connected devices comes a slew of new challenges when it comes to managing and securing them, especially when you consider that many operate undetected by IT operations. Ordr’s own analysis of environments in which our technology has been deployed shows that as many as 15% of devices discovered were previously unknown by the enterprise. That is a significant visibility gap that equates to a significant risk gap. As we hear over and over again from CISOs, “I can’t protect what I can’t see, but I’m still responsible for it.”

One Big Challenge

What can IT and security leaders do to meet the challenges and keep their enterprises safe from cyberthreats? Automation is key to keeping pace with the speed of growth and change because automation helps organizations scale and keep up with demands. The key is not just in maintaining scale, however, but in collecting and analyzing quality data in real time. This is especially true when it comes to security. Without complete and accurate data, automation is arguably useless. Rather than paving the way to precise and timely action, bad data creates speed bumps and even roadblocks that require manual verification and thus impede rapid decision making.

I can’t protect what I can’t see, but I’m still responsible for it.” – Every CISO, Every Enterprise

One big challenge to ingesting accurate, timely data is in discovering and keeping track of everything that’s connected to the network. In a self-serve IT paradigm, many devices connect outside the view of IT management. Many devices are not capable of being monitored and managed with traditional methods such as active scanning and agents. Sometimes devices can get lost when changes or updates render their agents obsolete or ineffective. And as organizations grow, these issues compound.

Legacy monitoring and tools are not designed to meet today’s challenges because you can’t take advantage of automation if you can’t trust your data. Therefore, it is essential to acquire the means to see, know, and secure every connected device, collect the data associated with each device’s operations, and use that data to generate the security and operational intelligence needed to maintain fast, safe, and efficient operations.

How Ordr Helps

IT and security leaders require a purpose built tool to ensure they have the complete and accurate operational data they need to fill in the blanks left by legacy tools that depend on agents or active scanning. This all starts with the ability to discover the millions of unmanageable network-connected devices in operation in today’s industrial, medical, retail, financial, and other environments. That’s where Ordr comes into play. The Ordr Connected Device Security Platform is engineered to automatically discover, identify, classify, monitor, identify vulnerabilities and assess the risk of every device connected to the network. Here’s how.

Connected device discovery starts by analyzing network traffic. If it connects to the network Ordr will find it, and once we do, we keep it in view. But it’s not enough to simply know a device is there. You need to know what it is going beyond merely collecting its MAC and IP address and instead gain detailed information about the device, the role it plays, and how it is expected to operate under normal conditions to deliver services. Ordr maintains an extensive library of millions of different device types–the Ordr Data Lake–with detailed information on each. That information includes deep insights into known vulnerabilities, FDA recalls, and other data critical to understanding the device’s risk profile and to recognizing when conditions change that put the device and the enterprise in danger of exploitation.

The value of the information Ordr has in the Ordr Data Lake, and that we collect from devices in real-time, is maximized by our extensive list of technology integrations that enable bi-directional data feeds to support other critical security and operational functions. That includes our tight integration with ServiceNow’s Service Graph Connector, configuration management database (CMDB), IT service management (ITSM), and our latest integration with Vulnerability Response. The real-time operational data we collect is used to populate the ServiceNow CMDB and enable workflows in ITSM and Vulnerability Response platforms to ensure the most accurate IT operations automations possible. And from a cybersecurity perspective, maintaining a closed loop of data flow with ServiceNow Vulnerability Response ensures an organization’s security team maintains visibility and status of the attack surface, including any vulnerabilities associated with devices operating in the network.

Closing Visibility Gaps

The bidirectional Vulnerability Response Integration with Ordr, certified by ServiceNow Engineering and available in the ServiceNow Store, closes visibility gaps and provides vulnerability insights for all connected devices including those not supported by endpoint agents or active scanning. Using passive methods, Ordr collects operating system and software details, and vulnerability details including severity for all devices. This information is sent to ServiceNow Vulnerability Response so teams can leverage accurate data to optimize and accelerate vulnerability management tasks and reduce risk.

Combined with Ordr collected device context and vulnerability data from multiple industry and threat intelligence sources, the Ordr-ServiceNow integration delivers a complete, rich, and single view of device vulnerabilities and risk, while providing the data needed to automate dynamic policy creation and efficient enforcement of mitigations as well as rapid incident response actions. Here’s how it works:

  • Ordr automatically identifies and gathers granular details including vulnerabilities for every managed and unmanaged device connected to the network.
  • Ordr uses passive methods and does not impact device services to identify every device and collect granular details including vulnerability information for every connected device.
  • Ordr Software Inventory Collector, gathers details of applications and application patch levels for all devices including unmanaged devices.
  • ServiceNow Vulnerability response pulls vulnerability information from Ordr for all managed and unmanaged devices.
  • Vulnerability status is maintained across both platforms leveraging bidirectional integration.

This complements other Ordr integrations with ServiceNow to provide ServiceNow customers with comprehensive and accurate details of all managed and unmanaged devices in their environment to enable organizations to take full advantage of ServiceNow automation and orchestration capabilities.

  • ServiceNow Service Graph Connector – to enable the exchange of granular and accurate device data at scale between the Ordr and ServiceNow platforms.
  • ServiceNow CMDB – for a centralized, comprehensive, accurate, and up-to-date asset inventory.
  • ServiceNow ITSM – to enrich and accelerate IT workflows with accurate and up-to-date asset details.

ServiceNow VR + Ordr Means Less Risk

Because the Ordr integration with ServiceNow Vulnerability Response enables organizations to fill in visibility gaps with comprehensive device vulnerability details and combine device data from multiple sources, enterprises are safer from threat actors actively working to exploit weaknesses in enterprise security. And because we use passive methods, device performance is not affected, meaning even an organization’s most sensitive and critical devices are protected with no impact to services or patient safety.

To learn more about Ordr’s integration with ServiceNow Vulnerability Response, Service Graph Connector, CMDB, and ITSM solutions, check out ServiceNow on our partners page.

Ordr welcomes Wes Wright as our new Chief Healthcare Officer with immense pleasure and pride. Wes’s distinguished military background, extensive expertise in healthcare, and unwavering commitment to patient safety make him an invaluable addition to our organization. Wes’s appointment reflects Ordr’s continued commitment to our innovation leadership in healthcare.

Already the market leader in healthcare connected device security, Ordr continues to accelerate our customer acquisition rate. More importantly, we are enabling our customers to be healthcare cybersecurity “heroes” by more effectively securing their environment of care and making hospital operations more efficient. We are excited about being in a great place to expand the team and make additional investments to support healthcare security and HTM teams everywhere.

I’ve known Wes for many years (read his recent blog here). He was an early proponent of our technology and mission, and there are several reasons why he’s such a great fit for Ordr:

Valuing Relationships: Building Bridges to Success

Having had the privilege of knowing Wes for several years, I have witnessed firsthand his business acumen, attention to detail, and strength in building relationships. Formerly an Ordr advisor, his guidance and insights, from day one when I met him until now, highlight his dedication to fostering strong relationships and going above and beyond to support our shared goals.

Healthcare Expertise: Passion for Patient Safety

Wes embodies the mantra “cybersecurity is patient safety.” His extensive experience in patient care delivery, as a former CIO of military and children’s hospitals, and his adroit navigation of complex regulatory landscapes will be invaluable to Ordr. Additionally, his tenure as a CTO in a major healthcare organization and technology provider strengthens our ability to drive innovation and maintain a leading edge in healthcare excellence.

Mission-Orientated Leader: A North Star for Excellence

Wes’s military background, serving in multiple roles in the U.S. Air Force, instills in him discipline, strategic thinking, and unwavering resilience—qualities vital to addressing healthcare’s daily security challenges. His ability to set clear objectives, mobilize resources, and lead by example will be instrumental in realizing our collective mission here at Ordr.

Wes’s prowess in rallying and motivating teams is a true asset. Wes’s leadership style, characterized by inspiration, approachability, and a genuine interest in others, is bound to bring out the best in every member of our organization. And beyond his influence with Ordr team, I know Wes will also inspire our partners, prospects, and customers and propel us toward shared success.

Welcome to our team, Wes. We are delighted to have you on board and eagerly anticipate a remarkable journey ahead.

There has been a lot of attention paid to ransomware over the last few years, and with good reason. In 2021 Fierce Healthcare reported a 470% increase in ransomware attacks on the healthcare industry in 2020 compared to the previous year. Threat actors saw an opportunity to take advantage of pandemic chaos to target a vulnerable sector of the economy and got to work. Healthcare took the brunt, but no industry was safe. The FBI’s Internet Crime Complaint Center (IC3) reported a more than 20% increase in ransomware investigations overall during that same period and said ransomware payouts increased at an even higher pace as a result. And according to Security Magazine more recent analysis shows the ransomware threat continued to rise through 2023, with more attacks, new gangs, and manufacturers emerging as a favorite target.

But ransomware isn’t the only danger to IT networks and data integrity. More common attacks, where the goal isn’t to lock down valuable information but siphon it off, remain a major threat to businesses. In fact, the most recent IC3 annual report said the FBI received 2,385 ransomware complaints accounting for losses of more than $34.3 million, while overall the Bureau fielded over 800,000 cybercrime complaints with losses of more than $10.3 billion during 2022.

A Complete, Real-Time View

Countering cyberthreats of every type is vital to protecting an organization’s business and operational interests, the safety of individuals, and to safeguarding assets like finances and intellectual property. Many types of cyberattacks share common attributes and indicators of compromise (IoC) like point of entry and vector, lateral movement, and disruptions to normal communications patterns. Identifying these can be difficult without a complete and real-time view of the assets comprising the network, and detailed profiles of each device connected to it. That is why a “whole enterprise” approach to cybersecurity must be adopted to maximize threat prevention.

Because many devices use obsolete, unsupported operating systems, they are easy to exploit and to quickly traverse the network toward their goal. 

This is especially important when considering the growing reliance many organizations have on the Internet of Things (IoT) and associated technologies like the Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT), operational technologies (OT), cyber physical systems, and other types of connected devices. Attackers don’t care what kind of devices the organization has deployed, only the operating system it runs. And because many devices use obsolete, unsupported operating systems, they are easy to exploit and to quickly traverse the network toward their goal.

Zero Trust Support

It makes sense, then, that a whole enterprise approach is the logical way to address cybersecurity because it includes full asset visibility combined with rich operational insights to give security teams the ability to recognize unexpected communications patterns and make informed security decisions in response. That is the Ordr See, Know, Secure philosophy to connected device security and it is why we have invested so much into building a platform that not only reveals an organization’s full connected device inventory in real-time, but layers in both intelligence and automation that enable dynamic policy creation and enforcement and support Zero Trust security initiatives.

A whole enterprise approach is the logical way to address cybersecurity because it includes full asset visibility combined with rich operational insights to give security teams the ability to recognize unexpected communications patterns and make informed security decisions in response.

That is important because connected devices are increasingly targeted by threat actors who use notoriously unsecure IoT, IoMT, OT and other devices as either an attack vector or path of lateral movement once inside the enterprise. They know that if 20% of an organization’s connected devices are outside the view of security, they are less likely to be detected and thwarted, and that their efforts stand a much higher chance of success.

Seven Keys to Fighting Back

To counter this threat, Ordr enables seven key capabilities in the fight against cyberattacks:

  • Discovery of all connected devices.
  • Identification of device communications with prohibited countries, prohibited IPs, and malicious URLs.
  • Communications baselining and identification of communication anomalies.
  • Identification of devices running vulnerable protocols with the ability to disable or monitor as needed.
  • Identification of devices running unpatched and/or vulnerable software and OSes through the Ordr Software Inventory Collector.
  • Segmentation or quarantining as a compensating control for devices that cannot be updated.
  • Retrospective analysis to evaluate past compromised communications patterns when new IoC and threat intelligence are released.

Recent Attacks Illustrate the Threat

Several recent, high-profile threat campaigns illustrate how these capabilities and a whole enterprise approach to cybersecurity can help prevent or minimize the effects of an attack. Exploiting vulnerabilities in Fortra’s GoAnywhere managed file transfer product, Progress Software’s MOVEit managed file transfer product, and the RDStealer weapon targeting remote desktop applications allowed threat groups to plant malware, including ransomware, in hundreds of organizations and execute the exfiltration of millions of data files containing sensitive personal and corporate information. Even when attacks use zero-day vulnerabilities to compromise network security undetected, the exfiltration of data may itself trigger automated policy enforcement, minimizing the event’s impact.

Ordr is a key component in the whole enterprise cybersecurity strategies of many top healthcare, manufacturing, financial services, and other organizations that recognize their growing reliance on connected devices could leave them vulnerable. Using Ordr, they now SEE, KNOW, and SECURE their systems and data.

Ordr’s See, Know, Secure Approach to Connected Device Security is Ideal for CPS Protection

 

As IT estates and their attack surfaces grow in complexity, cyber-physical systems (CPS) are getting more attention from cyber security professionals. Because organizations across all verticals  are adopting CPS to run operations more efficiently, connected devices are becoming more and more abundant. Some reports predict the number of Internet of Things (IoT), Internet of Medical Things (IoMT), Industrial Internet of Things (IIoT) and other emerging specialized (XIoT) devices that populate sprawling corporate networks will exceed 24 billion by 2030. Those devices represent a critical interface between traditional IT and the hyper-connected sensors, controls, and other operational technologies (OT) comprising CPS these days.

Our own Chris Westphal blogged about cyber-physical systems recently, offering some background on what they are and identifying some of the security challenges associated with protecting them. A newly updated report by Gartner, 3 Initial Steps to Address Unsecure Cyber-Physical Systems, goes into more detail to help organizations struggling to understand their CPS infrastructure and establish a strategy to keep their CPS secure.

Threat Actors are Aggressive

The report makes it clear that threat actors are aggressively exploiting vulnerabilities inherent with CPS technologies and the threat to those organizations unprepared to defend them. In fact, Microsoft recently uncovered a “a sophisticated attack campaign” targeting IoT devices, while other new security research suggests malware targeting IoT devices has increased 700% since 2020.

As IT and OT converge, cybersecurity leaders need to identify their attack surface across both environments. Gartner’s report cites examples of attacks against organizations in healthcare, critical infrastructure, manufacturing, and public utilities illustrate the risks beyond cyber with potential impact  to individuals, public safety and economic stability, and serve as a warning to organizations relying on traditional IT security approaches. The report’s author, Gartner analyst Kattell Thielemann, puts it this way:

“Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.”

“Business-led Internet of Things or converged OT-IT projects have largely underestimated or ignored security and safety risks. Security and risk management leaders must go beyond data security by embracing cyber-physical system security efforts, or they will soon be overwhelmed by new threats.”

A Strategic CPS Security Foundation

That dire warning comes with the promise that, by taking the time to understand CPS infrastructure from a risk management perspective, CSOs, CISOs, and other security leaders can implement effective strategies for protecting those systems. Formulating a CPS security strategy starts by:

  • Prioritizing discovery of all elements of the CPS environment;
  • Anchoring security goals and policies based on insights derived from device data and industry-specific requirements like regulations and threat intelligence; and,
  • Focusing on building maturity into the strategy based on an evolving Zero Trust approach.

Here at Ordr we call it a “See, Know, Secure” model for protecting connected devices, and the capabilities enabled by our platform dovetail well with the needs of organizations with CPS infrastructure. That’s because Ordr quickly discovers all CPS elements operating in the network, including those that were previously unknown or that connect and disconnect outside the control of IT management. This discovery happens in real-time, so there are never any blind spots.

Once discovered, we classify, map communications, analyze behavior, and assign a risk score to each device based on the data in the Ordr Data Lake—the industry’s most complete library of connected device intelligence. Our data lake is populated with millions of individual device profiles, including rich detail on each. We know their deterministic operational parameters, disclosed vulnerabilities, normal communications patterns, and other essential context that allows you to set policy.

A Potent Combination for CPS Protection

That combination of insight and capability supports automated responses whenever indicators of compromise are detected; and that means your network security gaps are identified and closed. Whether a CPS device is the vector, target, or in the path of an attack, Ordr can detect it and either stop it or help contain the spread.

The speed, complexity, and unique technical challenges endemic to cyber-physical systems operations means that legacy security tools and strategies are severely limited when applied to CPS infrastructure. Gartner recommends that CPS security “focus on safety, reliability, resilience, adaptability, and privacy.”

The Ordr platform is ideally suited to address these challenges. To read more about best practices to secure cyber physical systems, download a copy of the Gartner report, Market Guide for CPS Protection Platforms to help you better grasp the complexities and establish a CPS security strategy that meets the needs specific to your organization.

The “shared responsibility” philosophy for improving cybersecurity is becoming a worldwide phenomenon. It was woven throughout the U.S. National Cybersecurity Strategy issued by the White House in early March, and later that month the UK also announced its plan to improve cybersecurity for the country’s National Health Service (NHS).

On March 22, the UK government announced it will draft a six-year plan to “promote cyber resilience across the health and care sectors by 2030, protecting both services and patients.” That plan will build on five pillars for reducing the risk and impact of cyberattacks on healthcare organizations, while also improving recovery and resiliency should an attack succeed. Those pillars include:

  • Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
  • Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimizing disruption.
  • Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognized, and relevant cyber basics training is offered to the general workforce.
  • Embedding security into the framework of emerging technology to better protect it against cyber threats.
  • Supporting every health and care organization to minimize the impact and recovery time of a cyber incident.

Faster Response, Minimized Disruption

The second of the five pillars is notable to us because it calls for “uniting” the healthcare sector in an effort to combine resources and expertise to “enable faster responses and minimize disruption.” At a macro level that is a critical capability for hardening the networks of organizations connected through extensive digital supply chains. At the individual level it is vital for an NHS Trust to approach cybersecurity from a “whole hospital” perspective. Recognizing that, with IT systems operating on the same infrastructure as the operational technologies (OT) that run the hospital operations—and also alongside the sophisticated connected medical devices (Internet of Medical Things) integral to delivering a high quality of healthcare to patients—a vulnerability anywhere in the network puts the entire Trust at risk.

“This new strategy will be instrumental to ensure every organization in health and adult social care is set up to meet the challenges of the future.” — Health Minister Lord Markham

Protecting 1.7 Million Devices

The announcement points out that there are more than 1.7 million devices operating within NHS Trust networks, and that the strategy seeks to monitor each for suspicious activity that could indicate an attack or active threat. That’s wise, and an imminently achievable goal. In fact, many Trusts in the NHS system currently use the Ordr platform to discover, monitor, and protect the hundreds or thousands of Internet of Medical Things (IoMT) devices that populate their networks for the delivery of patient care.

When the full NHS cybersecurity strategy is published later this year, Ordr is confident that our customers will be prepared to meet whatever standards are set as they pertain to protecting connected devices. And as the CISOs and other leaders in those Trusts have already demonstrated a desire to work toward a Zero Trust security posture, there is no doubt they will establish themselves as cybersecurity exemplars for their peer Trusts.

Ordr is also actively working with NHS Trusts to comply with the NHS Data Security Protection Toolkit (DSPT) and  ensure the security and privacy of data shared within the NHS system. Contact us for more information about how we can protect the connected devices in your network.