Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. More about the merger.

Governance, security and controls

Tools, techniques, and best practices to maintain compliance and security of systems in the cloud.


The cloud introduces new security models and challenges.  As data and systems are moved out of the “walled garden” of a corporate datacentre, a more holistic approach to controls and governance is required. Implementation of effective security can seem daunting. The Cloud Centre of Excellence (CCoE)’s role is to support and guide cloud adopters to build their systems to be secure and compliant. 

Successful cloud adoption relies on the inputs of a broad range of stakeholders to maintain executive oversight over security, compliance, finance, risk, and service delivery aspects of IT delivery.

Governance of the cloud platforms and their use is managed by the NHS Digital Technical Review Group (TRG). TRG provides technical governance by ensuring that all developments and activities align to published policies, principles, patterns, and standards. It has delegated responsibilities for applying the policies set by the Architecture Board, Applications and Infrastructure Design Authority, Cyber Design Authority, and Data Design Authority.

Getting started

The entry point for cloud governance is via the Cloud Hosting Request (CHR) form, which is required to apply for a new cloud subscription account.  TRG evaluates the hosting request alongside other key design artefacts (Solution Design Overview, Key Architecture Decision, COTS request) and determines the appropriate governance route to live.

Guidance and information

Contact us

Contact us by emailing 

Last edited: 29 June 2022 2:30 pm