The following documents and application form are now available.
The HSCN Compliance Operating Model details the process and required activities that a supplier will need to undertake in order to achieve and retain HSCN Compliance. Please read this document prior to reading any of those detailed below as it will help you understand the overall process of becoming a HSCN Supplier and the compliance documentation structure.
This HSCN Compliance Release and Configuration Note (RCN) introduces the revised Operating Model and Obligations Framework and explains what we have changed, the reasons why and how the changes have been affected.
The HSCN Compliance application form must be completed by the supplier in order to apply for Stage 1 HSCN Compliance, this can be requested from NHS Digital by contacting email@example.com (FAO: Supplier Compliance Team).
Upon reaching Stage 1 compliance, suppliers will be permitted to use the HSCN Assurance Mark.
Compliance Addendum annex A is Appendix item 3 in the HSCN Compliance Operating Model. It indicates when suppliers must achieve compliance against the listed security controls. This is in order to obtain and maintain HSCN Compliance, in addition to the business continuity controls that need to be met in order to achieve the HSCN minimum compliance baseline.
The HSCN Security Compliance Statement was made in response to the announcement by the National Security Cyber Centre in September 2019, that the CAS(T) regime will be ceased. This document presents the interim network and security telco regime.
The HSCN Obligations Framework (Updated June 2021) describes the obligations that HSCN Suppliers shall adhere to for the supply, delivery and operation of HSCN Connectivity Services to HSCN Consumers.
The Migration Addendum presents the detail that CN-SPs will need covering migration processes and for Aggregated Procurements, to formalise the monitoring of migration run rates and the migration slot prioritisation process.
The Commercial Addendum details HSCN CNSPs’ obligations to report Financial Standing risks, and their process for managing these, to the HSCN Authority. It also contains the HSCN Consumer rights of novation.
The HSCN CN-SP Service Management Requirement Addendum provides additional detail for section 3 (Service Management Requirements) of the HSCN Obligations Framework.
The Consumer Network Service Provider (CN-SP) data reporting requirements is to be submitted periodically as instructed within the Service Management Addendum and service co-ordinator guidelines. This is the approved dataset requesting structured information to be used by the HSCN Authority for operational and service management purposes.
The HSCN Cloud Service Provider (CSP) Policy explains when a CSP can proceed with offering their 'value-add' capability, in a manner that does not undermine the HSCN operating model, or when they are required to become a CNSP. That is - if they are just providing a “pass-through connection” service to HSCN’s end users. To assist with this, a set of approved user access scenarios have been provided which show what a CSP would need to adhere to if they are to provide their 'value-add' capability to the wider HSCN user community.
The CN-SP Deed details HSCN Supplier and HSCN Authority undertakings required to ensure that the HSCN Connectivity Services are provided to an appropriate quality. The CN-SP Deed must be signed by the supplier in order to achieve Stage 1 HSCN Compliance and HSCN Supplier status.
The HSCN Mandatory Supplemental Terms provides a set of standard clauses that HSCN Suppliers must include in every HSCN Consumer Contract for the delivery of HSCN Connectivity Services.
The change control process describes the mechanism by which amendments will be made to the supplier compliance product set. This document is being drafted and will be discussed with the Innopsis group prior to publication.
HSCN inbound internet connectivity guidelines for CNSPs and consumers sets out the obligations fo CNSPs and provides guidance for consumers on inbound internet connectivity on HSCN.
This document sets out the Private IT service provider (ITSP) connecting from outside of England’s borders policy for the Health and Social Care Network