Skip Navigation

HSCN Supplier Compliance Stage 1

Application form

  1. By Submitting this form you're committing your organisation to be bound by specific obligations. Only submit it if you're authorised (i.e. Company Officer or equivalent) to do so.
  2. 1. Please provide your name and contact details
  3. 2. HSCN Deed
    1. To become an HSCN supplier (CN-SP) you will need to sign the HSCN Deed - Please provide the name and contact details of the person who will be signing the Deed
  4. 3. What is your Companies House registered number?
  5. 4. What is your Data Universal Number System (DUNS) number?
    1. You can find out more about the DUNS number by following the link at the bottom of this page.
  6. 5. Which of the following ISO certifications do you have that are relevant to the scope of the service being proposed for HSCN?
  7. 6. If you claimed ISO/IEC certificates in the previous question, please give the certificate number (optional) and expiry dates (mandatory) for the ISO/IEC certificate(s)
    1. ISO/IEC-9001

    2. ISO/IEC-20000

    3. ISO/IEC-22301

    4. ISO/IEC-27001
  8. 7. I.T. Health Check (ITHC)
    1. Maximum file size for attachments is 10Mb
    2. For HM Government guidance covering ITHCs please refer to the HSCN Compliance Operating Model section 2.
  9. 8. Is the service you're proposing Public Service Network (PSN) certified?
    1. If so, complete the following fields:
  10. 9. Based upon the requirements of the Obligations Framework around High-Level Design Documentation, please attach any relevant documentation that you hold.
    1. Maximum file size for attachments is 10Mb

  11. Security compliance Section

  12. 10. CAS(T) and ISO/IEC compliance
  13. 11. Please read the descriptions below of the commitments statements for each compliance tier.

  14. Accredited
    1. You currently/already hold and maintain full current CAS(T) certification for the services provided.
  15. Audited
    1. You currently/already hold and maintain ISO/IEC-27001:2013 certification (for the services provided) for an ISMS that includes the CAS(T) ‘critical’ requirements at the point of becoming an HSCN Supplier and you commit that you will achieve coverage for the CAS(T) requirements marked as ‘mandatory’ by 1st April 2019.
  16. Asserted
    1. This is self-asserted Compliance (for the services provided) with the CAS(T) requirements marked as ‘critical’ at the time of becoming an HSCN Supplier, and Governance ‘control set’ marked as Mandatory and you commit that you will achieve either ‘accredited’ or ‘audited’ status by 1st April 2019.
  17. Which of the above compliance tiers is applicable to the HSCN service being proposed?
    1. *
    2. You can read about the Security Compliance Commitment Tiers in more detail using the links listed under 'Also in this section', at the bottom of this page.
  18. 12. Please confirm that you've read the commitment statement for your chosen compliance tier (above) and that you accept it
  19. Upload any other important documents here
    1. Maximum file size for attachments is 10Mb
  20. Any personal information you give to us will be processed in accordance with the UK Data Protection Act 1998. We will use the information to process your request and to provide any further relevant information or services you have requested. It will also be used to support our service development activities.

Have a question? Call us on 0300 303 5678 or contact enquiries@nhsdigital.nhs.uk.

Tell us what you think of the new website beta.

We use cookies to provide you with a better service. Carry on browsing if you're happy with this, or find out how to manage cookies. Find out more