NHS Digital has developed and implemented a requirements framework for Virtual Smartcard solutions to be assessed. This framework will be kept under review at least annually. We will manage change to this framework either as a result of changes to the requirements or changes implemented by supplier systems.
The enhanced Isosec product has been through a rigorous process of assessment against a number of attributes and acceptance criteria, which has given NHS Digital and Isosec confidence that it can now be made available to NHS organisations under the agreement with NHS Digital.
The assessment covered:
- consumer contracting and agreement
- solution overview and how it met security and operational requirements
- administration – how system admin activities are undertaken and how they are protected from being compromised
- test and assure – the process and methods for build and test
- deployment methods and approach
- change and configuration management
- monitoring and service management
- risk management including business continuity and disaster recovery
Through the review, a number of additional artefacts have been created and agreed between Isosec and NHS Digital including a Connection Agreement, Customer Acceptable Use Policy, Change Control Process and Remediation Process that improves the agreements in place between NHS Digital, Isosec and its customer base.
NHS organisations taking the Isosec solution under NHS Digital agreement should review and accept additional agreements before rolling out the new software and service.
Isosec can provide this or a copy can be provided on request. Email: email@example.com.
NHS Digital has assured the Isosec solution against the following versions of Isosec software:
||Cloud based virtual smartcard component
||Virtual smartcard authenticator mobile app
|iO Identity Agent
||Virtual smartcard RA issuance component