Yes, healthcare providers must ensure their vendors—such as those supplying Clinical Management Systems (CMS) or cloud storage—can meet HIB security standards and support compliance.
No, Cyber Essentials provides foundational cybersecurity practices but does not fulfil HIB requirements. Amongst others, HIB introduces time-bound activities like incident reporting, backup testing, and policy reviews, which Cyber Essentials may or may not cover depending on our in-house capabilities or that provided by your vendors.