Skip to main content

Part of HSCN consumer handbook: contents

Roles and responsibilities

This page sets out the responsibilities of HSCN consumers (individuals and organisations using HSCN), NHS Digital, and providers of HSCN services.


This page sets out the responsibilities of HSCN consumers (individuals and organisations using HSCN), NHS Digital, and providers of HSCN services.

HSCN consumer

A HSCN consumer is any organisation which uses or has access to HSCN. 

As an HSCN consumer, you are responsible for:

  1. The size, scale, procurement and, once awarded, management of a HSCN service, including any associated business application services.
  2. Understanding the Service Level Agreements and the service wrap provided by your chosen HSCN consumer network service provider (CN-SP). This will vary depending upon the procurement route used and individual contract details. It is your responsibility to confirm these with your chosen CN-SP.
  3. Undertaking supplier management of your CN-SP against the contract by ensuring the supplier has met their obligations. Where this has not been achieved you must manage your supplier to the point that the service meets the contract terms. 
  4. Managing the day-to-day operational services provided by your CN-SP. You are responsible for managing the contract, including ordering, moves/adds/changes, service management engagement and reviews, and billing reconciliation and payment. You may manage this directly or through a 3rd party or partner organisation, such as a commissioning support unit (CSU) or clinical commissioning group (CCG). 
  5. Being aware of your CN-SP contacts, who will deal with all HSCN related queries. For example; the service/account manager; service desk and any out of hours support numbers.
  6. Maintaining up-to-date site contacts on the HSCN Portal. 
  7. Ensuring cease requests are raised with the Transition Network Service Provider (TN-SP) for all continuing orders, including, voice, video or local area network (LAN) overlays.
  8. Maintaining compliance with relevant NHS Digital Information Governance, such as the Data Security and Protection Toolkit, and data security standards and accreditation as well as being aware of your obligations under the HSCN Connection Agreement.
  9. Applying for access to applications, including both those provided by NHS Digital and any third-party applications you may use.
  10. Ongoing compliance with NHS Digital IPAM Policy.

If your organisation provides IT services (such as infrastructure or hosting solutions) to other HSCN users, you are responsible for securing the services you provide. This includes making decisions about who can access those systems or services. This is covered in the “Representing Customers” variation of the Connection Agreement.

Consumer network service provider (CN-SP)

A CN-SP is an organisation that supplies, or is approved to supply, HSCN connectivity, having achieved the HSCN Compliance accreditation. A list of CN-SPs is available on our HSCN suppliers webpage.

After migrating to HSCN your chosen CN-SP will be responsible for managing your HSCN services to the minimum service wrap standards agreed. The minimum service wrap standards are described in the HSCN Obligations Framework - reference ID OPNSP.3.

Some consumers may require, and have entered into a contract for, an enhanced level of service. The full details of these support arrangements should always be described within the contract between your organisation and your CN-SP.

CN-SP’s are responsible for:

  • compliance to the HSCN Obligations Framework
  • compliance to the service levels and service level agreements agreed within the contract with you
  • providing appropriate consumer contacts - for example; the service/account manager; service desk and any out-of-hours support numbers.
  • providing information and guidance on the incident management process that you need to follow in the event of an incident
  • providing a service desk for you to raise HSCN service incidents
  • end-to-end ownership and management of incidents related to HSCN standalone service instances or integrated service instances on behalf of their consumers, including working with other suppliers within the HSCN model where required - see the incident handling model section for more information. 
  • reporting Severity 1 incidents to the HSCN Service Co-ordinator. 
  • escalation to the Service Co-ordinator where the CN-SP are unable to make progress with or resolve an incident across multiple HSCN supplier networks - for example CN-SP to NHS Secure Boundary, or CN-SP to another CN-SP
  • providing you with performance data, to help you manage your contract and performance
  • providing an online customer relationship management (CRM) portal for you to see real-time statistics relating to your sites, access circuits and associated services
  • business as usual management and capacity reporting, and advice on service improvements, such as capacity increases if utilisation thresholds are breached

 Additional information on CN-SPs responsibilities can be found in the HSCN Mandatory Supplemental Terms.

NHS Digital

NHS Digital provide governance over the HSCN Operating Model and the suppliers providing HSCN.

NHS Digital are responsible for performing a service rehearsal with CN-SPs to provide assurance that the right systems and contacts are in place. This must be undertaken with all CN-SPs before they can provide live connectivity to HSCN customers. This forms part of the supplier compliance process.

NHS Digital are also responsible for:

  • acting as a service co-ordinator to HSCN, providing services defined in the HSCN Operational Design Overview
  • ensuring continued CN-SP compliance with the HSCN Obligations Framework
  • co-ordinating interventions between suppliers in the event that an incident spans more than a CN-SPs network and other suppliers (such as NHS Secure Boundary,, Peering Exchange Network (PN), other CN-SPs, TN-SP) are failing to adequately investigate 
  • receiving notification of certain Severity 1 incidents from CN-SPs
  • receiving notification of all Severity 1 and 2 incidents from central component suppliers
  • ongoing management of the HSCN Obligations Framework including addition of new strategic (or tactical) technical options/solutions and any changes to existing obligations
  • contract management for the central HSCN components - this includes, but is not limited to, NHS Secure Boundary, NAS and the PN. 
  • the NHS Digital Data Security Centre, who report and monitor traffic through the Network Analytics Service (NAS) and contact organisations if suspicious traffic is identified
  • managing the NHS Secure Boundary supplier, including provision of a firewall policy
  • reviewing and approving public cloud connectivity to HSCN
  • managing national quality of service (QoS) changes and the QoS values associated with the central HSCN infrastructure, in accordance with the HSCN Quality of Service policy and HSCN QoS - change requests and end-to-end configuration process

Previous chapter: HSCN consumer handbook: consumer overview

Next chapter: HSCN consumer handbook: live HSCN

Last edited: 6 January 2022 8:29 am