The compliance model is made up of 3 core stages:
Stage 1
Obligations which must be reviewed and met before the Supplier can connect to central capabilities and progress on to the next stage of the compliance process. This step is the initial engagement which includes submission of the application form and high level design documents providing evidence of a suppliers service offering.
Stage 2 (pre-live)
The relevant obligations which must be met before a Supplier can begin marketing, selling, and supplying services to Consumers and connect to the HSCN Authority stood up services – the Peering Exchange Network, HSCN Data Security Centre Secure Boundary Service and the Network Analytics Service, this stage is part of the wider on-boarding process run by the Service Co-ordination function operated by the HSCN Authority (please refer to the HSCN Solution Overview).
Note: Once the Supplier commences delivery of services, they will be subject to a 3 month probation check where the Authority will run a set of checks to ensure that the Supplier is operating in adherence to the Obligations.
Stage 3 Live Operations Compliance Management (Post-live)
Obligations which can only be proven by Supplier performance once the Supplier is delivering HSCN services.
As part of Live Operations Compliance Management, there will be regular and an annual assessment of Supplier performance and adherence to the HSCN Obligations Framework and HSCN’s core network analysis and Service Co-ordinator capabilities will be brought in to play to achieve this
If a Supplier is found to be non-compliant with any obligation the HSCN Authority can invoke a number of remedies, the ultimate of which would be to revoke Compliance – this process is detailed later in this document. This process would be governed by the conditions set out in the CN-SP Deed and would require formal HSCN Senior Responsible Owner (SRO) approval.
In addition to the HSCN Obligations Framework being used as a basis for Compliance, the Compliance process is supported by three further key governing mechanisms
1. The CN-SP Deed: The deed, which is signed as part of Stage 1, ensures that the Supplier will adhere to the obligations set by the HSCN Authority and that the Supplier will co-operate with other Suppliers operating in the disaggregated HSCN eco-system. It is a legally binding document between the HSCN Authority and each CN-SP. The deed is therefore the key legal mechanism that supports the Compliance process and the HSCN Obligations Framework itself.
2. The Mandatory Supplemental Terms (MST): A set of HSCN terms and conditions that also support Compliance and the HSCN Obligations Framework. The MST must be included in the CN-SP/Consumer contract.
3. Memorandum of Understanding (MoU): The MoU sets out the obligations on the Supplier and the HSCN Authority in respect of progressing through the Compliance Process.
The Supplier’s attention is drawn to Clause 5.0 (in particular 5.2) of the CN-SP Deed which may require the Supplier to agree to additional Security Risk Assessments (to be defined between the HSCN Authority and the Supplier).
Figure 1 (below) explains diagrammatically how all of these components work together.