1.1. Business continuity management (including treatment upon exit)
Continuity of service during contract and at the point of transition to any replacement supplier is of the upmost importance to the NHS, especially given the nature of many of its contracts. Suppliers are expected to have robust and fit for purpose business continuity plans in place and to test them regularly. Suppliers will need to integrate their plans with those of other suppliers as well as the NHS and should do so in a supportive and proactive manner. We expect suppliers to behave in accordance with required standards and be forthcoming with information required where a contract is coming to an end and is in a transitional phase leading to contract exit.
Whilst suppliers are expected to comply with the provisions in their contracts and any legal requirements to protect sensitive information, suppliers to the NHS may also be party to confidential information that is necessary for them to be effective partners. This information, even if it is not covered by contractual provisions, should be handled with the same care as information of similar sensitivity in the supplier’s own organisation.
1.3. Conflicts of interest/distorting competition
We expect suppliers to mitigate appropriately against any real or perceived conflict of interest through their work with the NHS. A supplier with a position of influence gained through their relationship with any part of the NHS should not use that position to unfairly disadvantage any other supplier or reduce the potential for future competition, for example by creating a technical solution that locks in the supplier’s own goods or services.
1.4. Continuous improvement
We expect our suppliers to use recognised industry practices in the delivery of goods and services to, or on behalf of, the NHS. We also expect suppliers to continuously improve these goods and services and bring world-class innovation, ideas and expertise to help the NHS address its strategic challenges.
1.5. Cyber security
It is essential that suppliers safeguard the integrity and security of their systems (including those within their supply chain) and comply with the relevant NHS and government standards and guidance. All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit (DSPT) to provide assurance that they are practising good cyber security and publish their performance against the National Data Guardian's ten data security standards.
1.6. End-to-end delivery
Some of the services that the NHS requires are complex, and a single supplier may not have complete contractual responsibility for every element of what is needed to deliver to the end service user. We expect suppliers to be aware of how they contribute to that overall delivery, and to work with NHS organisations and other suppliers to ensure that their product or service is used effectively in the delivery of a high-quality service.
1.7. Financial management
We expect that suppliers will have in place and operate robust and fit for purpose financial management practices. Suppliers are expected to comply with the financial management, reporting and audit obligations in their contracts with the NHS and to do so in a proactive and supportive manner. The NHS needs its suppliers to be financially viable and not present undue service continuity risk. Suppliers are expected to maintain appropriate reserves and credit ratings and to inform their contracting authority should that change.
1.8. Management of risk
We try to ensure that risk is placed with the party best able to manage it. This means requiring prime contractors not to flow risk inappropriately to subcontractors, and not to assert that they can manage risk that is in fact better managed by the NHS. All parties should also be prepared to share intelligence of supply chain risks, so that material commercial and operational risks, for example the impact of losing a key supplier, can be mitigated.
The use of robust standards in the development of digital, data and technology products for the NHS is critical to ensuring they are safe, cost effective and meet the needs of health system users, whether they are patients or staff. The NHS requires that users and suppliers alike adopt standards published and recommended by the NHS in order that systems are safe, effective and interoperable.
1.10. Sustainable procurement
We expect our suppliers to be aware of, and support the NHS in complying with its legal and contractual obligations under social value legislation and in delivery of the wider policy that sits behind government and NHS contracts. We expect our suppliers to assist the NHS in the understanding and reduction of supply chain impacts on our environment and risks related to the security of raw material supply (including appropriately skilled personnel), including undertaking all practical efforts to minimise their energy consumption, natural resource use and waste generation.
Citizens expect the NHS to obtain value for every taxpayer pound and to be able to demonstrate that long-term value to the UK taxpayer. This means that contracts should be priced to offer sustainable value throughout their life, including when changes are needed. Whilst we accept our suppliers need to make a profit margin in return for the risk they are accepting, we expect suppliers not to exploit an incumbent or monopoly position, an urgent situation or an asymmetry of capability or information to impose opportunistic pricing. We expect suppliers to work in good faith to resolve any disputes promptly and fairly during the life of a contract through good relationship management and, where appropriate, contractual dispute resolution mechanisms, recognising that taxpayer and supplier interests are rarely best served by protracted litigation.