The Risk Framework tool is available separately. An initial impact score is assigned to each data type. That score is then scaled separately by the scaling factors assigned to each measure of scale and persistence, resulting in a 'Risk Impact Score' value.
The tool maps the generated Risk Impact Score to one of five 'Risk Profile Levels'. This provides an overall view that reflects the 'degree of risk or contentiousness' of the described use of public cloud.
In general, all potential uses – and risks – should be weighed against the benefits of public cloud facilities (for example in terms of cost, time-to-launch, flexibility). The Risk Appetite Level may also be subsequently affected by a privacy-enhancing technique, or additional controls, that are added to a processing environment (at either an infrastructure or application layer, or both).
Following those steps, the table below gives an overview of what the resulting level means in terms of governance. It takes into account that, at present, there is relatively little high-profile public cloud take-up across health and care; we expect to revise these expectations over time as greater experience is gained.
| Risk profile level | Governance expectation |
|---|---|
| Class I | All organisations are expected to be comfortable operating services at this level. |
| Class II | Whilst there may be some concerns over public perception and lock-in, most organisations are expected to be comfortable operating services at this level. |
| Class III | At this level, risks associated with the impact of a breach become more significant, and the use of services at this level therefore requires specific risk management across all risk classes described in Part 3: Risk classes, requiring approval at Chief Information Officer/Caldicott Guardian level. |
| Class IV | At this level, it is likely to become more difficult to justify that the benefits of the use of public cloud outweigh the risks. However, this case may still be made, requiring approval by the CIO/Caldicott Guardian, and would be required to be made visible to the organisation's Board. Specific advice and guidance may be provided by NHS Digital on request. |
| Class V | Operating services at this level would require board-level organisational commitment, following specific advice and guidance from NHS Digital. |
In addition, the Risk Profile Level drives the level of controls that are required to be implemented by the public cloud provider. The description of these controls is provided separately.