Skip to main content

Isosec Virtual Smartcard

The use of the Isosec Virtual Smartcard solution is now permitted, to help with demand for smartcards in the response to coronavirus (COVID-19).

Prior to the coronavirus (COVID-19) outbreak, the only way to access national systems has been with physical smartcards (apart for access to mobile SCRa on an iPad and soon to be available on a Windows 10 tablet).

Despite the work of the access and logistics hub to radically increase the rate of production of physical smartcards nationally, there are likely to be limitations to the speed of deployment as the requests increase. Physical smartcards and readers can also be a barrier in PPE and sterile environments and can be logistically complex to manage where the cards need to be deployed across a wide geography. We recognise the demand for virtual smartcards is increasing to accommodate requirements for authentication in VDI and complex IT ecosystems.

The use of the Isosec Virtual Smartcard solution is now permitted by NHS Digital. For the Electronic Prescribing Service (EPS) solution, Isosec are working rapidly with NHS Digital to develop an advanced electronic signature version.

NHS Digital is centrally funding Isosec licences to help accelerate implementation at this time. To request this service, contact Isosec directly via vsc@isosec.co.uk who will work with you to ensure that your use case and requirements can be fulfilled. Following this initial consultation, Isosec will provide you with a form that then needs to be completed and sent to NHS Digital via accesslogistics.hub@nhs.net for approval prior to the commencement of the service locally.

In summary:

  • if you require a virtual smart card solution and require immediate deployment, NHS Digital permits the use of the Isosec solution
  • NHS Digital has procured Isosec centrally and will make the licences immediately available to the NHS.
  • security and information governance remain a key priority: 2FA will remain a requirement in order to provide evidence of sufficient robustness to support criminal evidence standards if an account was misused or used for accessing or updating information on the national systems, and to meet the level of verifiable identity required under primary legislation for electronic prescriptions
  • emergency Guidance on remote identity registration has already been issued to the RA community
  • NHS Digital will publish a full list of virtual smartcard products which meet national cyber security standards (along with the associated national services from NHS Digital)

All queries should be forwarded to the access and logistics hub email: accesslogistics.hub@nhs.net

Isosec service overview

The Isosec product requires installation of their proprietary identity agent on the machines of those issuing and using the solution. The user will also require a smart phone to receive push notifications.   

The Isosec product requires a face to face identity verification process (following recent guidance this can be undertaken via a video conference call) and an identity to be created within the Care Identity Service (CIS). 

The Isosec solution supports the authentication part of the Identity and Access Management journey.  Identity and authorisation elements are still performed by the local Registration Authority:

  • organisations taking on the Isosec virtual smartcard solution are required to remove the NHS Digital-provided Identity Agent (IA) client and install Isosec’s proprietary IA client on all machines. This will then allow the virtual smartcard (and physical cards) to be used for authentication. In addition, RA staff issuing cards will need to install additional Isosec software
  • end user organisations must then verify the identity of users and create a digital identity for them in the Care Identity Service, via the normal User Registration Service process

  • once the user is registered, they will need to go through a two-factor authentication (2FA) process using a registered email address and mobile phone in order to activate the virtual smartcard allocated to them

If local teams have any difficulties with this installation process, that Isosec cannot resolve, please contact accesslogistics.hub@nhs.net

Commercial

Procurement of the Isosec solution has been made by NHS Digital to remove local burden.

Service access and principles for provision

The following principles will be used to ensure the service is used appropriately:

  • centrally procured Isosec licences will only be issued to organisations who require them to assist with urgent COVID-19 related needs
  • all parties involved in the delivery of an Isosec service must agree to the implementation, for example CSUs providing RA services to trusts and the trusts themselves

More information

For questions about virtual smartcard access, contact accesslogistics.hub@nhs.net.

Last edited: 7 July 2020 9:04 am