More than NICE to have
NICE (National Institute for Health and Care Excellence) has guidance and standards on infection prevention and control. I believe most hospitals have a person responsible for ithat.
But I couldn't find guidance for infosec (looking under several relevant terms) on the NICE website. If it's there, it's not obvious. Does it need a disaster first?