HSCN supplier information

Why you should become an HSCN connectivity supplier

HSCN will be delivered by multiple suppliers providing interoperable network services that adhere to an agreed set of standards. This means health and social care organisations are able to replace existing Transition Network connectivity services with HSCN services purchased from a choice of suppliers within a competitive marketplace.

Any network supplier able to demonstrate compliance with the HSCN standards (detailed in the HSCN Obligations Framework) will be able to sell and deploy HSCN network services to the health and care sector.

We've designed the HSCN Obligations Framework in consultation with industry in order to ensure close alignment with common industry standards and to maximise supplier participation in the HSCN Marketplace.

Whilst health and social care organisations will need to obtain HSCN compliant connectivity to support their business operations, we're not mandating any particular supplier or purchasing route for them to use. HSCN is designed to enable health and social care organisations to choose the suppliers and network solutions that best meet their needs.

HSCN will provide a large consumer base for suppliers

HSCN will open up access for suppliers to a large consumer base made up of both existing NHS organisations and the numerous non-NHS organisations becoming increasingly involved in the provision of health and care 

HSCN creates more opportunities for network and system suppliers

The HSCN standards have been designed to enable small, medium and large network suppliers to achieve HSCN compliance and sell connectivity services to the health and care sector. Suppliers with regional rather than national coverage will be able to take part and compete alongside larger suppliers.

If you believe your organisation meets the minimum standards as detailed in the HSCN Compliance Operating Model and you wish to become an accredited Consumer Network Service Provider on HSCN, please engage via email with [email protected] with any relevant information about your organisation.

Any N3 contacted voice and/or video business applications currently running on the Transition Network at customer sites need to be replaced prior to the migration of the network to HSCN. Read the NHS Digital guidance on procuring replacement services for further details.

The HSCN compliance model is made up of 3 stages:

• Stage 1 (pre-market): an audit based on obligation which must be met before the Supplier can connect to central capabilities and progress on to the next stage of the compliance process
• Stage 2 (pre-live): an audit based on obligations which must be met, and core infrastructure that must be connected to, before a supplier can begin to marketing, selling, and supplying services to consumers
• Ready for live service: a supplier (CN-SP) who has attained stage 2 compliance and has also completed the live service rehearsal

Additionally, there are ongoing post-live obligations which can only be proven by supplier performance once the supplier is delivering HSCN services. There will be regular assessments of supplier performance and adherence to the framework.

The table below shows the stage of HSCN compliance for each CN-SP and HSCN contact details for compliant suppliers.

Suppliers registered for the HSCN Access Services Dynamic Purchasing System (RM3825).

Suppliers must be HSCN Compliant in order to offer network connectivity services. Suppliers will therefore need to pass through the HSCN Compliance process.

Compliance stages for customers

The below is a brief overview of what stage 1 and stage 2 Consumer Network Service Provider (CN-SP) compliance means for HSCN customers.

Stage 1 compliance

HSCN stage 1 compliance demonstrates that a supplier is capable of delivering HSCN connectivity in a way that meets the obligations and adheres to the standards set out by NHS Digital in the HSCN Obligations Framework.

At this stage suppliers also sign a Deed of Undertaking with NHS Digital which binds them to comply with the HSCN Obligations Framework.

In order to market themselves as an HSCN Supplier and start engaging in HSCN procurements, suppliers must have achieved HSCN stage 1 compliance.

Stage 2 compliance

HSCN stage 2 compliance is achieved when suppliers provide NHS Digital with detailed solution design information and successfully connect to the HSCN central services (including the HSCN Peering Exchange).

When suppliers achieve stage 2 compliance, NHS Digital provides them with a certificate.

In order to deploy live HSCN connectivity, suppliers must have achieved stage 2 compliance. This means that the supplier must:

• have passed through the audit process covering their detailed solution and service management design
• have also successfully connected in to the HSCN Core Services

An HSCN supplier pack is available for connectivity suppliers who have applied for and achieved stage 1 HSCN compliance. Please email [email protected] with "HSCN Supplier compliance" in the subject line to request this guidance and documentation.  

We have documented the HSCN design within the two documents below.

This is the HSCN Operational Design Overview which describes the technical operating model for HSCN.

This is the HSCN Solution Overview which describes the technical infrastructure and HSCN services that support this.

The following documents and application form are now available.

The HSCN Compliance Operating Model details the process and required activities that a supplier will need to undertake in order to achieve and retain HSCN Compliance. Please read this document prior to reading any of those detailed below as it will help you understand the overall process of becoming a HSCN Supplier and the compliance documentation structure.

This HSCN Compliance Release and Configuration Note (RCN) introduces the revised Operating Model and Obligations Framework and explains what we have changed, the reasons why and how the changes have been affected.

The HSCN Compliance application form must be completed by the supplier in order to apply for Stage 1 HSCN Compliance, this can be requested from NHS Digital by contacting [email protected] (FAO: Supplier Compliance Team).

Upon reaching Stage 1 compliance, suppliers will be permitted to use the HSCN Assurance Mark.

Compliance Addendum annex A is Appendix item 3 in the HSCN Compliance Operating Model. It indicates when suppliers must achieve compliance against the listed security controls. This is in order to obtain and maintain HSCN Compliance, in addition to the business continuity controls that need to be met in order to achieve the HSCN minimum compliance baseline.

The HSCN Security Compliance Statement was made in response to the announcement by the National Security Cyber Centre in September 2019, that the CAS(T) regime will be ceased. This document presents the interim network and security telco regime.

The HSCN Obligations Framework (Updated January 2022) describes the obligations that HSCN Suppliers shall adhere to for the supply, delivery and operation of HSCN Connectivity Services to HSCN Consumers.

The CNSP-to-CNSP migration checklist presents a template that CN-SPs and consumers will need covering migration between network service providers.

The Commercial Addendum details HSCN CNSPs’ obligations to report Financial Standing risks, and their process for managing these, to the HSCN Authority. It also contains the HSCN Consumer rights of novation.

The HSCN CN-SP Service Management Requirement Addendum provides additional detail for section 3 (Service Management Requirements) of the HSCN Obligations Framework.

The Consumer Network Service Provider (CN-SP) data reporting requirements is to be submitted periodically as instructed within the Service Management Addendum and service co-ordinator guidelines. This is the approved dataset requesting structured information to be used by the HSCN Authority for operational and service management purposes.

The HSCN Cloud Service Provider (CSP) Policy explains when a CSP can proceed with offering their 'value-add' capability, in a manner that does not undermine the HSCN operating model, or when they are required to become a CNSP. That is - if they are just providing a “pass-through connection” service to HSCN’s end users. To assist with this, a set of approved user access scenarios have been provided which show what a CSP would need to adhere to if they are to provide their 'value-add' capability to the wider HSCN user community. 

The CN-SP Deed details HSCN Supplier and HSCN Authority undertakings required to ensure that the HSCN Connectivity Services are provided to an appropriate quality. The CN-SP Deed must be signed by the supplier in order to achieve Stage 1 HSCN Compliance and HSCN Supplier status.

The HSCN Mandatory Supplemental Terms provides a set of standard clauses that HSCN Suppliers must include in every HSCN Consumer Contract for the delivery of HSCN Connectivity Services.

The change control process describes the mechanism by which amendments will be made to the supplier compliance product set. This document is being drafted and will be discussed with the Innopsis group prior to publication.

HSCN inbound internet connectivity guidelines for CNSPs and consumers sets out the obligations fo CNSPs and provides guidance for consumers on inbound internet connectivity on HSCN.

This document sets out the Private IT service provider (ITSP) connecting from outside of England’s borders policy [Archive Content] for the Health and Social Care Network.

The HSCN release and configuration note outlines all the active and retired HSCN documentation. If you have any queries relating to any HSCN documentation, please contact HSCN by emailing [email protected].