HSCN Supplier Compliance Stage 1 Application form By Submitting this form you're committing your organisation to be bound by specific obligations. Only submit it if you're authorised (i.e. Company Officer or equivalent) to do so. 1. Please provide your name and contact details Full name* Organisation name* Job title/role* Email address* 2. HSCN Deed To become an HSCN supplier (CN-SP) you will need to sign the HSCN Deed - Please provide the name and contact details of the person who will be signing the Deed Full name* Organisation name* Job title/role* Email address* 3. What is your Companies House registered number? * 4. What is your Data Universal Number System (DUNS) number? Label* You can find out more about the DUNS number by following the link at the bottom of this page. 5. Which of the following ISO certifications do you have that are relevant to the scope of the service being proposed for HSCN? ISO/IEC-9001:2015 ISO/IEC-9001:2008 ISO/IEC-20000:2011 ISO/IEC-22301:2012 ISO/IEC-27001:2013 None of the above 6. If you claimed ISO/IEC certificates in the previous question, please give the certificate number (optional) and expiry dates (mandatory) for the ISO/IEC certificate(s) ISO/IEC-9001 Certificate number Expiry date Please confirm the service(s) that your ISO/IEC-9001 Certificate specifically relates to ISO/IEC-20000 Certificate number Expiry date Please confirm the service(s) that your ISO/IEC-20000 Certificate specifically relates to ISO/IEC-22301 Certificate number Expiry date Please confirm the service(s) that your ISO/IEC-22301 Certificate specifically relates to ISO/IEC-27001 Certificate number Expiry date Please confirm the service(s) that your ISO/IEC-27001 Certificate specifically relates to 7. I.T. Health Check (ITHC) Please confirm you have a valid ITHC for the proposed service by entering the expiry date* Please confirm the service(s) that your ITHC specifically relates to* Please state the name of the organisation which ran your ITHC* If available, please attach the findings report from your ITHC If available, please upload your Residual Risk Statement Maximum file size for attachments is 10Mb For HM Government guidance covering ITHCs please refer to the HSCN Compliance Operating Model section 2. 8. Is the service you're proposing Public Service Network (PSN) certified? If so, complete the following fields: Please confirm the service(s) that your PSN Certificate specifically relates to Certificate number Expiry date If available, please attach your PSN certificate 9. Based upon the requirements of the Obligations Framework around High-Level Design Documentation, please attach any relevant documentation that you hold. Maximum file size for attachments is 10Mb Security compliance Section 10. CAS(T) and ISO/IEC compliance Is your business CAS(T) or ISO/IEC-27001:2013 certified for the service proposed? * Yes No If you're not fully compliant now, and require more time to become fully compliant, do you hold compliance for the Critical Conditions now? * Yes, I hold compliance for the Critical Conditions No 11. Please read the descriptions below of the commitments statements for each compliance tier. Accredited You currently/already hold and maintain full current CAS(T) certification for the services provided. Audited You currently/already hold and maintain ISO/IEC-27001:2013 certification (for the services provided) for an ISMS that includes the CAS(T) ‘critical’ requirements at the point of becoming an HSCN Supplier and you commit that you will achieve coverage for the CAS(T) requirements marked as ‘mandatory’ by 1st April 2019. Asserted This is self-asserted Compliance (for the services provided) with the CAS(T) requirements marked as ‘critical’ at the time of becoming an HSCN Supplier, and Governance ‘control set’ marked as Mandatory and you commit that you will achieve either ‘accredited’ or ‘audited’ status by 1st April 2019. Which of the above compliance tiers is applicable to the HSCN service being proposed? * Accredited Audited Asserted You can read about the Security Compliance Commitment Tiers in more detail using the links listed under 'Also in this section', at the bottom of this page. 12. Please confirm that you've read the commitment statement for your chosen compliance tier (above) and that you accept it * I accept the commitment statement I do not accept Please upload a statement, signed by a director, stating that you've read the commitment statement for your chosen compliance tier and that you accept it* Upload any other important documents here Upload document 1 Upload document 2 Upload document 3 Maximum file size for attachments is 10Mb Any personal information you give to us will be processed in accordance with the UK Data Protection Act 1998. We will use the information to process your request and to provide any further relevant information or services you have requested. It will also be used to support our service development activities.