
Public Key Infrastructure (PKI) documentation


The documentation set is an essential component of any PKI and defines an agreed set of rules for the operation and management of the PKI. These rules cover usage of the PKI from the perspective of users of certificates issued by the PKI, individuals relying on those certificates, and operators of the PKI service who manage the PKI. Operation of the PKI within these rules helps to form a cohesive trust platform which can be relied upon for authentication, encryption and digital signing purposes.

Drawing of the architectural diagram for public key infrastructure in the NHS


Root Certificate Authority documentation

The Certificate Policy and PKI Disclosure Statement for the NHS Root Certificate Authority (CA) make up the complete policy under which the NHS Root CA is operated. The two documents should be read in conjunction with each other.

Certificate Policy for NHS Root Certification Authority

This document describes the procedures and processes by which the NHS Root Certificate Authority (Level 0) generates certificates for the Level 1 Sub-Certificate Authorities operating under this Root within the NHS Public Key Infrastructure.

Download the Root Certificate Authority Certificate Policy [Archive Content] - last updated July 2021.

NHS Root Certificate Authority PKI Disclosure Statement

The purpose of the PKI Disclosure Statement (PDS) document is to support the NHS Root Certificate Authority Certificate Policy, by describing the elements of this policy that are of relevance to Certificates issued by the NHS Root Certificate Authority in a manner that is straightforward to follow for the community of users issued with those certificates. The NHS Root Certificate Authority is managed by the NHS Issuing Authority, under the overall control of the Policy Management Authority.

Download the NHS Root Certificate Authority PKI Disclosure Statement [Archive Content] - last updated July 2021.


Sub Certificate Authority documentation

For each type of certificate issued from the Level 1 Sub Certificate Authorities, there are two documents which make up the complete policy. These are the Base Certificate Policy and the associated PKI Disclosure Statement for the specific certificate type. The PKI Disclosure Statement for each certificate type details specifics for that certificate in terms of usage, reliance and so forth.

NHS Level 1 Issuing Authority Base Certificate Policy

The NHS Level 1 Issuing Authority Base Certificate Policy details the policies under which the Level 1 Sub CAs are managed and operated to ensure that credentials are issued to the required standard, HMG e-Government Interoperability Framework (e-GIF), Level 3.

Download the NHS Level 1 Issuing Authority Base Certificate Policy - last updated 10 November 2011


PKI Disclosure Statements

Content commitment PKI disclosure statement

The purpose of the Content Commitment PKI Disclosure Statement (PDS) document is to support the NHS Level 1 Issuing Authority Base Certificate Policy, by describing the elements of the policy that are of relevance to Content Commitment Certificates in a manner that is straightforward to follow for the community of users issued with those certificates.

Download the Content Commitment PKI Disclosure Statement [Archive Content] - last updated 10 November 2011

Authentication PKI disclosure statement

The purpose of the Authentication PKI Disclosure Statement (PDS) document is to support the NHS Level 1 Issuing Authority Base Certificate Policy, by describing the elements of the policy that are of relevance to Authentication Certificates in a manner that is straightforward to follow for the community of users issued with those certificates.

Download the Authentication PKI Disclosure Statement [Archive Content] - last updated 10 November 2011

End-Point authentication PKI disclosure statement

The purpose of the End-point Authentication PKI Disclosure Statement (PDS) document is to support the NHS Level 1 Issuing Authority Base Certificate Policy, by describing the elements of the policy that are of relevance to End Point (computer applications and devices) Authentication Certificates for use with approved systems for the NHS Care Records Service. The statement is written in a manner that is straightforward to follow for the Service Provider community and for the technical staff at NHS organisations issued with or responsible for managing those certificates.

Download the End-Point Authentication PKI Disclosure Statement [Archive Content] - last updated 10 December 2012 to add NHS 111 Number Programme Endpoint systems as Subscribers/Relying Parties.


Subscriber Agreements

The purpose of the Subscriber Agreement is to specify the terms, conditions and obligations which are placed upon those individuals and organisations who wish to obtain certificates for use with NHS CRS systems.

RA01 Form for subscribers wishing to obtain NHS Smartcards

Part A - contains the terms, conditions and obligations an applicant has to agree to prior to becoming an authorised NHS Care Records Service (NHS CRS) user and being issued with a Smartcard.

Download RA01 Form part A

Part B - is the registration form which must be completed by prospective users of NHS CRS applications before they are issued with a Smartcard. They also need to have agreed to the terms, conditions and obligations specified in the RA01 form referenced above.

Download RA01 Form part B

NHS 111 Number programme subscriber agreement

The NHS 111 Number programme subscriber agreement is for organisations who supply services to the NHS 111 Number Programme and wish to obtain certificates for the purposes of system authentication and securing messages in transit. This Subscriber Agreement is also provided as part of the "NHS 111 IM&T Readiness Toolkit" pack.

Download the Subscriber agreement for the NHS 111 number programme - last updated 10 December 2012


Relying Party Agreements

The purpose of the Relying Party Agreement is to specify the terms and conditions under which a Relying Party may rely on information presented within a digital certificate and to provide the Relying Party with enough information as to locations where they can check the validity and status of a certificate. This is so that they can make an informed decision as to whether to rely on the contents of a certificate or content which has been signed or presented by such a certificate.

NHS 111 Number Programme Relying Party Agreement

The NHS 111 Number Programme Relying Party Agreement is for organisations acting as Relying Parties who rely on undertakings made by NHS 111 Number Programme Subscribers using certificates issued from the NHS PKI. This Relying Party Agreement is also provided as part of the "NHS 111 IM&T Readiness Toolkit" pack.

Download the Relying Party Agreement for the NHS 111 Number Programme - last updated 10th December 2012


Contact us

For further advice, please contact the Data Security Centre by emailing [email protected].

Last edited: 15 July 2021 8:40 am