Roles and responsibilities

HSCN consumers are responsible for:

• sizing, scaling, procuring and, once awarded, managing an HSCN service (and any associated overlays required by your organisation)
• understanding the differences between service level agreements (SLAs) and the service wrap depending upon the procurement route
• (once awarded and called off) undertaking supplier management of the consumer network service provider (CN-SP) against the contract including ensuring the supplier has meet their delivery obligations and, where this has not been achieved, managing the supplier to the point that service meets the contract
• manging the delivery of the services provided by CN-SPs either directly or through the appropriate CSU or CCG
• liaising with the CN-SP to ensure continual adherence of the HSCN contract, either directly or through the appropriate CSU or CCG
• ensuring the appropriate procurement mechanism was used to achieve the organisations requirements
• being aware of your CN-SP key contacts who will deal with all HSCN related queries - for example, this could include (but not limited to) the service/account manager and service desk
• nominating contacts for their sites to be used by NHS Digital when necessary - this needs to be kept up to date on the HSCN Portal
• maintaining compliance with relevant NHS Digital information governance and data security standards and accreditation (namely the DPST) as well as being aware of your obligations under the appropriate HSCN Connection Agreement
• applying for any access to applications, including those provided by NHS Digital, as well as that of any third-party applications a consumer may use
• signing appropriate HSCN Connection Agreement reflecting the role your organisation has for connecting to HSCN 
• compliance with NHS Digital IP Address Management (IPAM) Policy 

If your organisation provides IT services (such as infrastructure or hosting solutions) to other HSCN users, it is your responsibility to secure them and to make decisions about who can access those systems or services. This is covered in a different version of the Connection Agreement.

CN-SPs are required to provide the minimum service wrap standards that a CN-SP must meet for the HSCN connectivity services they deliver (as per Obligation Framework reference ID OPNSP.3). However, customers may require an enhanced level of service. The full details of these support arrangements should be detailed within the contract between a consumer organisation and their CN-SP.

CN-SPs are responsible for:

• compliance to the HSCN Obligations Framework, which can be found on the HSCN supplier information webpage
• compliance to the service levels and service level agreements as agreed with the customer
• provision of contact information for key customer contacts at the CN-SP
• information and guidance around the incident management process that customers will need to follow in the event of an incident
• providing a service desk for consumers to raise HSCN service incidents
• end-to-end ownership and management of incidents related to HSCN standalone service instances or integrated service instances on behalf of their consumers, including liaising with other suppliers within the HSCN model where required - see Incident handling for more information [add link]
• reporting some Severity 1 incidents as defined by the Service Management Addendum to the HSCN Service Co-ordinator
• escalation to the Service Co-ordinator where the CN-SP are unable to progress or resolve an incident that is across multiple HSCN supplier networks - such as CN-SP to Secure Boundary, CN-SP to another CN-SP
• providing performance data to their consumers, to support contract and performance management
• providing an online customer relationship management (CRM) portal for the customer to see real-time statistics relating to their sites, and access circuits and associated services
• business as usual management and capacity reporting and advice on service improvements (such as capacity increases if utilisation thresholds breached

Additional information on CN-SP responsibilities to supply HSCN connectivity services to an HSCN Consumer can be found in the HSCN Mandatory Supplemental Terms.

NHS Digital provide governance over the HSCN Operating Model and the suppliers involved in it. This includes:

• performing a service rehearsal with CN-SPs to provide assurance that the systems and contacts are in place as stated by the CN-SP - this rehearsal will have been undertaken with all CN-SPs prior to them being able to deploy live customers to HSCN (as part of the supplier compliance process)
• ensuring CN-SPs maintain compliance with the HSCN Obligations Framework
• ongoing management of the Obligations Framework as new strategic (or tactical) technical options/solutions may require changes to the existing obligations
• contract management for the central HSCN components
• the NHS Digital Data Security Centre (DSC) to report and monitor traffic through the Network Analytics Service (NAS) and contact organisations if suspicious traffic identified
• management of internet traffic and flow through the Secure Boundary solution - working with CN-SPs and consumers to allow and block business critical traffic to and from HSCN
• reviewing and approving Public Cloud connectivity to HSCN
• national quality of service (QoS) changes and the QoS values associated with the central HSCN infrastructure - further information can be found within HSCN technical policies and guidance

NHS Digital are also responsible for providing a service co-ordinator whose role is to:

• ensure the continued compliance with the Obligations Framework
• co-ordinate multi-supplier interventions in the event that an incident spans more than the CN-SPs network and other NSPs are failing to engage in investigation and support, such as Secure Boundary, Peering Exchange, NAS or other CN-SP
• receive notification of some Severity 1 incidents as defined by the Service Management Addendum from CN-SPs