Skip to main content
HSCN consumer handbook: contents



This section provides guidance on managing your live HSCN service.

Ceasing legacy N3/BT Continuing Orders services

Once your HSCN service is live and you’ve successfully migrated, or you have determined that your Transition Network (TN) connection is no longer required, it is your responsibility as the consumer to cease your previous service(s). You are also responsible for ceasing any associated overlay services, such as managed voice or video services, once they have been replaced.

This is done by raising a BT Continuing Orders cease notice to terminate legacy services. To request a cease to your existing services you can:

  • raise a request on the BT Continuing Orders portal via the BT customer relationship manager 
  • send an email to the BT Continuing Orders team confirming the service identification number (SIN) to be ceased to - the SIN is a unique ID used to identify legacy Continuing Order services on the TN 
  • contact the BT Continuing Orders Helpdesk on: 0800 085 0503 (option 3, then option 2)

IP address management on HSCN

The HSCN IP addressing policy outlines how Internet Protocol (IP) addressing is used across the network for HSCN consumers.

Consumers moving from TN have the option of using either minimal Réseaux IP Européens (RIPE) addressing or migrating their existing addressing structure via the Transitional Assistance for Continuing Orders (TACO) process. TACO are a BT Transition Network service provider team. They support consumers migrating from the TN to HSCN.

All new consumers must use minimal RIPE addressing that covers connectivity only.

All consumers must inform the NHS Digital Internet Protocol Address Management (IPAM) team via the HSCN Portal. To do so you will need to request ‘IPAM Delegate’ access under your parent Organisation Data Service (ODS) Code via

Once you have IPAM delegate access you have two choices:

  1. Migrate circuit: for TN hosted sites, this informs the IPAM Team of what IP addresses the consumer wishes to use or abandon.
  2. New circuit: for new circuits, this provides minimal RIPE addressing to cover connectivity only, as per the IPAM policy.

In both cases you must provide:

  • the supplier name (CN-SP)
  • the supplier circuit ID – a unique service code replacing the previous BT N3 Service Identification Number (SIN)
  • the date of migration to HSCN
  • whether the circuit is a single or resilient link (for new circuits only)

NHS Digital strongly advise you to look at your IP subnet estate well in advance of migration to ensure that all information is up to date and correct. Further information on the HSCN IPAM policy and guidance documents can be found on the HSCN IP address management page.

HSCN Domain Name System (DNS)

HSCN/TN/ logical DNS configuration

This diagram shows the logical DNS configuration used across HSCN/TN.

Logical DNS configuration used across HSCN/TN.
2020 technical refresh

DNS migration

During 2020 NHS Digital successfully migrated the DNS service from the legacy BT service to a replacement service. The legacy infrastructure access was then blocked and decommissioned.  

All organisations should now have configured their DNS configuration to use the correct IP addresses below:

DNS Service - NHS Digital-owned RIPE IP Addresses ( (

For a limited timeframe, in order to support organisations that have not yet migrated their DNS services, the legacy BT-owned IP addresses and will be temporarily supported. Organisations should continue to plan their migration to the new NHS Digital-owned IP addresses.

Further guidance on IP configurations and the legacy DNS service can be found on the NHS Digital Website.

Please note that Transmission Control Protocol (TCP) ping should be used to test connectivity to the DNS IP addresses. TCP ping is supported by the HSCN DNS service and is a recommended alternative to Internet control Message Protocol (ICMP) ping. A variety of TCP ping tools are available online and guidance on utilising TCP ping has been published by Microsoft.

DNS change request process

NHS Digital own and administer DNS for the NHS in England.

NSS in Scotland administers the (sub) domain.

NHS Wales Informatics Service manages the sub-domain.

HSCNI manages the sub-domain.

The TN provider will continue to manage the 'live' DNS service for the foreseeable future.

DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. The HSCN/TN service provider cannot accept DNS change requests from end-users.

Find England DNS change request forms and contact information.

For further details please see HSCN/Transition Network DNS.

NTP service replacement

 As a number of organisations are still reliant on the central Network Time Protocol (NTP) service for HSCN, a temporary replacement service has been provisioned on the replacement DNS.  This service will be available on the same IP addresses as the legacy NTP service ( and

The reliance on the central NTP is discouraged, and organisations are requested to provision their own source. NHS Digital has publicised the availability of free and open source services that can fulfil the original NTP service requirement. Guidance on how to select and implement an appropriate NTP service is published on the NHS Digital website.

Protective DNS (PDNS)

The Replacement DNS recursive service will direct all external queries through the NCSC’s Protective Domain Name Service, referred to as PDNS – a service aimed at disrupting the use of DNS for malware distribution and operation. It's been created by the NCSC, and is implemented by Nominet UK.

PDNS is a free and reliable internet-accessible DNS service for the public sector and is one of the NCSC’s widely deployed Active Cyber Defence capabilities. It's been mandated for use by central government departments by the Cabinet Office
Further information is available on the NCSC website.

HSCN change management

A change schedule is published by the NHS Digital Service Management team on a weekly basis. The change schedule covers all internal and external changes that may affect HSCN. CN-SPs can request access to this information and, in the event that a change affects consumers, it is the CN-SP’s responsibility to inform you.

The HSCN Internet Access Form

The HSCN Internet Access Form replaces the Data Security Centre (DSC) HSCN ANM Firewall Change Request Form. 

The form can be used if:

  • your CNSP has advised the port you are trying to access is not an allowed any/any port and you still require access
  • your CNSP has advised you are trying to access something that has been placed on the deny list, but you still require access - these requests will only be approved in exceptional and business critical circumstances
  • you had access to a site on the Transition Network (previously N3) but you do not have the same access on HSCN

Once completed, the form should be sent to the NHS Digital National Service Desk (NSD) via your local IT support route. When they get the form the NHS Digital DSC will assess the request and either, instruct Capita to make the necessary changes and confirm this to you or respond to advise that the request cannot be authorised. 

Download the the HSCN Internet Access Form

For further details and guidance on using this form please see HSCN internet access issues guidance.

You can contact the NHS Digital National Service Desk by:

Telephone: 0300 303 5035


Last edited: 18 February 2021 9:27 am