Skip to main content

Virtual Smartcard Service provided by Isosec

A virtual smartcard product and service that enables users to authenticate securely, which includes an app on their mobile device, to gain access to health and care systems and services.

The Isosec product is a 3rd party application and service that works with the Care Identity Service (CIS) to provide 2 Factor Authentication (2FA) to a range of national and local systems. 

It is an option for authentication to Spine systems and it works through a combination of Isosec specific local client software and an Isosec application that can be downloaded and installed on a user’s mobile device. Virtual Smartcards can be issued and managed by Registration Authorities across their user estate.

This virtual smartcard solution and service is built, managed and supported by Isosec. The new version of the service has undergone product assurance reviews by NHS Digital's Cyber Security, Solutions Assurance and Information Governance functions.

Isosec Product Statement

NHS Digital and Isosec have been working collaboratively to agree the design and implementation for an enhanced solution from Isosec that meets all of NHS Digital’s requirements.

The enhanced product has now been through that review and assurance process - our cyber security team has confirmed that the solution now constitutes an Advanced Electronic Signature (AdES) and can therefore be used to authenticate to national systems and sign prescriptions for use with the Electronic Prescription Service (EPS).

Isosec can now start working with its customers under our agreement to roll out the enhanced software elements as outlined in the Product Assurance section below.

Isosec Product Assurance

NHS Digital has developed and implemented a Requirements framework for Virtual Smartcard solutions to be assessed. This framework will be kept under review at least annually, we will manage change to this framework either as a result of changes to the requirements or changes implemented by supplier systems.  

The enhanced Isosec product has been through a rigorous process of assessment against a number of attributes and acceptance criteria, which has given NHS Digital and Isosec confidence that it can now be made available to NHS organisations under the agreement with NHS Digital.

The assessment covered:

  • Consumer contracting and agreement
  • Solution overview and how it met security and operational requirements
  • Administration – how system admin activities are undertaken and how they are protected from being compromised
  • Test and Assure – the process and methods for build and test
  • Deployment methods and approach
  • Change & Configuration Management
  • Monitoring and Service Management
  • Governance
  • Risk Management including business continuity and disaster recovery

Through the review, a number of additional artefacts have been created and agreed between Isosec and NHS Digital including a Connection Agreement, Customer Acceptable Use Policy, Change Control Process and Remediation Process that improves the agreements in place between NHS Digital, Isosec and its customer base.

NHS Organisations taking the Isosec solution under NHS Digital agreement should review and accept additional agreements before rolling out the new software and service.

Isosec can provide this or a copy can be provided on request via

NHS Digital has assured the Isosec solution against the following versions of Isosec software:

Component Version Description
vSC Server 2.0 Cloud based virtual smartcard component
vSC Authenticator 3.0 Virtual smartcard authenticator mobile app
iO Identity Agent 9.0 Identity agent
vSC Issuance 2.0 Virtual smartcard RA issuance component

A copy of the NHS Digital Assurance Framework can be provided on request by contacting

Whilst NHS Digital has reviewed the Isosec solution, all customers are advised to perform their own due diligence and pre-deployment checks and tests prior to the use of the solution to ensure that it meets the commercial, legal and policy requirements of their organisation.


In April 2020 NHS Digital procured a limited number of licenses to remove local burden.

Licenses should continue to only be granted and used to help NHS organisations with their COVID-19 response.

NHS Digital has agreed with Isosec that NHS organisations already approved to use the solution under our contract can request that the term of the licence can be extended to the end of March 2022. There is limited funding available and therefore this will be agreed by Isosec on a first come first serve basis.  

Any organisations who will not make full use of their existing approved licences are encouraged to contact to offer unused licences back to NHS Digital. Those licences may then be made available to new or existing organisations that can make use of the service. 

Apply for Isosec Virtual smartcards

We are not currently accepting any new applications for Isosec virtual smartcards. If NHS organisations return licences they don’t believe they can fully utilise, then we will work with Isosec to engage customers on a first come first serve basis. 

NHS organisations can contact Isosec directly via: to enquire about how to procure their Virtual Smartcards.

If you wish to be notified if any further licences become available you can email with the following details: 

  • email title - Isosec VSC
  • organisation name
  • contact name, email and phone number
  • how many licences you’d like
  • overview of the systems the users would use the Isosec VSC with

Contact us

If you have questions or need help with your application you can email

Last edited: 2 February 2021 3:34 pm