We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
The Department for Health and Social Care, NHS England and NHS Digital have developed a simple tiered-model to frame the development of Commercial standards for IT contracting across the NHS – the “NHS IT Contracting Model”.
The Commercial and Behavioural Principles are the first step in developing these Commercial standards. The standards developed will be in line with existing commercial standards already developed by the Government Commercial Function (GCF). The principles listed below are also consistent with the recently finalised NHS England Supplier Code of Conduct. The Commercial and Behavioural Principles define how the NHS expects suppliers and those procuring and managing their services to operate.
It is intended that all NHS organisations, along with their suppliers, adopt and adhere to these principles and behaviours when procuring, managing and delivering IT services and products. The aim is to help drive best practice and embed good working standards within IT contracts across the NHS.
We look to develop these principles and standards over time and invite feedback from suppliers and NHS organisations alike.
1. Commercial business practices
1.1. Business continuity management (including treatment upon exit)
Continuity of service during contract and at the point of transition to any replacement supplier is of the upmost importance to the NHS, especially given the nature of many of its contracts. Suppliers are expected to have robust and fit for purpose business continuity plans in place and to test them regularly. Suppliers will need to integrate their plans with those of other suppliers as well as the NHS and should do so in a supportive and proactive manner. We expect suppliers to behave in accordance with required standards and be forthcoming with information required where a contract is coming to an end and is in a transitional phase leading to contract exit.
Whilst suppliers are expected to comply with the provisions in their contracts and any legal requirements to protect sensitive information, suppliers to the NHS may also be party to confidential information that is necessary for them to be effective partners. This information, even if it is not covered by contractual provisions, should be handled with the same care as information of similar sensitivity in the supplier’s own organisation.
1.3. Conflicts of interest/distorting competition
We expect suppliers to mitigate appropriately against any real or perceived conflict of interest through their work with the NHS. A supplier with a position of influence gained through their relationship with any part of the NHS should not use that position to unfairly disadvantage any other supplier or reduce the potential for future competition, for example by creating a technical solution that locks in the supplier’s own goods or services.
1.4. Continuous improvement
We expect our suppliers to use recognised industry practices in the delivery of goods and services to, or on behalf of, the NHS. We also expect suppliers to continuously improve these goods and services and bring world-class innovation, ideas and expertise to help the NHS address its strategic challenges.
1.5. Cyber security
It is essential that suppliers safeguard the integrity and security of their systems (including those within their supply chain) and comply with the relevant NHS and government standards and guidance. All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit (DSPT) to provide assurance that they are practising good cyber security and publish their performance against the National Data Guardian's ten data security standards.
1.6. End-to-end delivery
Some of the services that the NHS requires are complex, and a single supplier may not have complete contractual responsibility for every element of what is needed to deliver to the end service user. We expect suppliers to be aware of how they contribute to that overall delivery, and to work with NHS organisations and other suppliers to ensure that their product or service is used effectively in the delivery of a high-quality service.
1.7. Financial management
We expect that suppliers will have in place and operate robust and fit for purpose financial management practices. Suppliers are expected to comply with the financial management, reporting and audit obligations in their contracts with the NHS and to do so in a proactive and supportive manner. The NHS needs its suppliers to be financially viable and not present undue service continuity risk. Suppliers are expected to maintain appropriate reserves and credit ratings and to inform their contracting authority should that change.
1.8. Management of risk
We try to ensure that risk is placed with the party best able to manage it. This means requiring prime contractors not to flow risk inappropriately to subcontractors, and not to assert that they can manage risk that is in fact better managed by the NHS. All parties should also be prepared to share intelligence of supply chain risks, so that material commercial and operational risks, for example the impact of losing a key supplier, can be mitigated.
The use of robust standards in the development of digital, data and technology products for the NHS is critical to ensuring they are safe, cost effective and meet the needs of health system users, whether they are patients or staff. The NHS requires that users and suppliers alike adopt standards published and recommended by the NHS in order that systems are safe, effective and interoperable.
1.10. Sustainable procurement
We expect our suppliers to be aware of, and support the NHS in complying with its legal and contractual obligations under social value legislation and in delivery of the wider policy that sits behind government and NHS contracts. We expect our suppliers to assist the NHS in the understanding and reduction of supply chain impacts on our environment and risks related to the security of raw material supply (including appropriately skilled personnel), including undertaking all practical efforts to minimise their energy consumption, natural resource use and waste generation.
Citizens expect the NHS to obtain value for every taxpayer pound and to be able to demonstrate that long-term value to the UK taxpayer. This means that contracts should be priced to offer sustainable value throughout their life, including when changes are needed. Whilst we accept our suppliers need to make a profit margin in return for the risk they are accepting, we expect suppliers not to exploit an incumbent or monopoly position, an urgent situation or an asymmetry of capability or information to impose opportunistic pricing. We expect suppliers to work in good faith to resolve any disputes promptly and fairly during the life of a contract through good relationship management and, where appropriate, contractual dispute resolution mechanisms, recognising that taxpayer and supplier interests are rarely best served by protracted litigation.
2. Behaviour towards employees and service users
2.1. Health and safety
Suppliers must comply with all applicable laws, regulations and standards relating to health and safety in the workplace or any other location where production, manufacture or work is undertaken. Suppliers should demonstrate an active commitment to creating health-improving workplaces that is co-produced with employees and illustrates an active monitoring approach that utilises evidence-based practice for employer-led health improvement.
2.2. Human rights and employment law
Suppliers must comply with all applicable human rights and employment laws in the jurisdictions in which they work and have robust means of ensuring that the subcontractors in their supply chain also comply. This includes complying with the provisions of the Modern Slavery Act 2015.
Suppliers must comply with national laws regarding working hours, wages and benefits and shall put mechanisms in place to ensure that their supply chains also comply. Suppliers are expected to work towards and support good practice in paying reasonable living wages.
2.3. Professional behaviour
We expect suppliers to be prepared to invest in their relationships with the NHS and establish trust with our staff and with other suppliers involved in delivery. We also expect suppliers to be able to speak out when NHS officials, civil servants or other suppliers are not upholding the values embedded in the Civil Service Code or these Commercial and Behavioural Principles.
2.4. Respectful treatment
Our staff and service users have the right to respectful treatment. We will not tolerate discrimination, harassment or victimisation in the workplace or in connection with any NHS service, and we expect our suppliers to provide the same commitment, including to their own employees. The Equality Act 2010 protects against discrimination, harassment and victimisation.
2.5. Vulnerable users
Some public contracts deliver services to service users with particular needs such as physical or mental disabilities, medical conditions or other factors that place them in a vulnerable position. Suppliers should ensure that these service users are treated at all times with courtesy and that their dignity, safety, security and well-being is treated as a priority concern.
3. Standards of behaviour
3.1. Corporate social responsibility
We expect our suppliers to be good corporate citizens; by upholding the values behind these principles and supporting key government and/or NHS corporate social responsibility policy areas, such as diversity and inclusion, sustainability, prompt payment, small and medium sized enterprise engagement, support of the Armed Forces Covenant, apprenticeships and skills development.
3.2. Counter fraud and corruption
We demand that suppliers adhere to anti-corruption laws, including but not limited to the Bribery Act 2010, and anti-money laundering regulations. We expect suppliers to have robust processes to ensure that the subcontractors in their supply chain also comply with these laws. We have zero tolerance of any form of corrupt practices including extortion and fraud that we become aware of and we expect suppliers to be vigilant and proactively look for fraud, and the risk of fraud, in their business. Suppliers should immediately notify the relevant authority where fraudulent practice is suspected or uncovered and disclose any interests that might impact their decision making or the advice that they give to the NHS.
3.3. Ethical behaviour
We expect the highest standards of business ethics from suppliers and their agents in the supply of goods and services funded by the public purse, for example as referenced in the Committee on Standards in Public Life’s 2014 report and 2015 guidance: Ethical Standards for Providers of Public Services. We expect suppliers to be explicit about the standards they demand of executives, employees, partners and subcontractors and to have the governance and audit processes to monitor and enforce these standards. NHS officers and employees are required to uphold the Seven Principles of Public Life in their dealings with third parties and we expect fully reciprocal behaviour from suppliers.
3.4. Joint working and governance
The NHS places great importance on the contribution made by its supply chain and key partners. The NHS will work across contracting boundaries to identify key suppliers and to work with them to define objectives and development plans, and to put in place structural performance appraisal measures. The NHS expects that its suppliers will engage with this process on a partnership basis, seeking to deliver/develop value for money services in an open and positive manner.
We want to work with suppliers who are proud of their reputation for fair dealing and quality delivery. We also want ‘working with the NHS’ to be seen as reputation enhancing for the supplier. However, reputation can quickly be lost, for example, by exaggerating the extent of benefits. Equally, we expect suppliers to be protective of the NHS’ reputation, and ensure that neither they, nor any of their partners or subcontractors, bring the NHS into disrepute by engaging in any act or omission which is reasonably likely to diminish the trust that the public places in the NHS.
We expect suppliers to be open and honest in their dealings with the NHS and be in full compliance with the updated principles published February 2017 - “The Transparency of Suppliers and Government to the Public”. In addition, where contractually required, we expect full and prompt disclosure of cost, revenue and margin information (“Open Book Accounting and Open Book Contract Management”) in line with published guidance and the terms of any contract.
3.7. Treatment of Subcontractors
We expect our suppliers to deal fairly with all organisations in their supply chain, including observing the principles of the Prompt Payment Code. We expect suppliers to avoid flowing unreasonable levels of risk to subcontractors who cannot reasonably be expected to manage or carry these risks. We expect suppliers not to create barriers to the use of small and medium-sized enterprises who are qualified to provide goods or services, and to encourage innovation in their supply chains to increase the value and/or quality of supply.
The NHS remains accountable for the delivery of service via its supply chain, regular assurance processes including audit form a key part of the governance of NHS contracts. Suppliers are expected to support any audit activity in an open, transparent and proactive manner.
NHS contracts contain supplier obligations to remediate issues and breaches of contract, the NHS requires its supply chain to be proactive and supportive in remediating issues. Commercial positioning, obfuscation and resistance to resolving issues is counter to the delivery of quality and safe services and will not be tolerated.
The NHS expects its suppliers to operate in an open and transparent manner, early identification and resolution of issues is vital to maintaining patient confidence and safety. Suppliers should not sit and wait for the NHS to discover problems through audit or periodic reports rather they should flag where issues and/or non-compliances exist.