Skip to main content

Services provided by the Organisation Data Service

The Organisation Data Service provides a number of services, including authentication for some Open Exeter services, code allocation and updating and maintaining the registers for Caldicott Guardians, Senior Information Risk Owners and Information Asset Owners.


To ensure secure user access into Systems and Service Delivery (SSD) systems we process Data User Certificates (DUCs), submitted by Senior Risk Information Owners (SIRO) and Information Asset Owners (IAOs) for nominated user access.

Once appropriate sign-off is verified, we create user accounts on the Open Exeter system.

We process DUCs for Bureau Service Portal which includes: 


A person from the relevant organisation can revoke these accounts, or second line teams on retrieval of NHSMail notification that a user has left the organisation.

Who the service is for

Users that require access SSD systems via the Open Exeter system.

How to use the service

Complete the appropriate DUC and get sign off from your organisation's SIRO/IAO. Completed DUC forms should be sent by the SIRO/IAO from their own email address to, unless the form states differently.

Code allocation, amendments and closures

An ODS code is a unique identifier allocated to organisations and their sites. We issue codes to NHS and non-NHS organisations that interact with the Health and Social Care Sector and need access to national IT systems and services.

Once an ODS code is issued and published on our database, the Spine is updated in real time and the code is active here immediately. The codes are published in our ODS Portal and ODS API Suite within 24 hours. The ORD XML file and Data Downloads are updated in line with the ODS Production Schedule.

Note that a presence on Spine does not provide an organisation with automatic access to Spine based systems and applications. Access control mechanisms are in place for different applications. You'll need to contact the particular IT system(s) to arrange your organisation's access where required.

Who the service is for

Organisations requiring an ODS code.

How to use the service

NHS organisations and Independent Sector Healthcare Providers (ISHPs) should have a named OC1 contact, responsible for requesting:

  • amendments to their organisation (if not governed by a Statutory Instrument) or site code names
  • amendments to their organisation or site code address details
  • closure of their organisation or site codes
  • registration of additional OC1 contacts

Please see OC1 guidance on how to request a code.

Non-NHS Organisations without an OC1 will need to complete the Organisation Code Request Form.

If you're unsure if your organisation has an OC1 in place, or who your OC1 is, please raise a call for the ODS team via:

Data queries

Customer support

Our Support team provides specialist support to its customers. The team manages requests for services listed on this webpages and all queries related to ODS published data. Examples of the type of data queries we receive include:

  • providing assistance to system and data suppliers
  • parliamentary Questions
  • freedom of Information (FOI) requests
  • advising on historical NHS hierarchical information
  • research or academia related requests

Who the service is for

Anyone who has a query about ODS published data or requires use of a service listed on this webpage.

How to use the service

Raise a call for the ODS team via:


Access Organisation Data Service forms, including abeyance and dispersal, consultant template and the ODS organisation contact form (OC1).

Loading consultant and GP information to the Spine


We load General Medical Council (GMC) codes against doctor's smartcards at the person node level of the Spine. This enables functionality in Spine based system, such as named clinician functionality on the NHS e-Referral Service (e-RS).

Who the service is for

Registration Authorities working on behalf of an NHS trust.

How to use the service

Complete the SDS consultant template request and send to the ODS team at


We load General National Codes (GNC) against a GP's smartcard at the person node level of the Spine. This enables functionality within Spine based systems, such as GP2GP and Electronic Prescription Services (EPS).

Who the service is for

Primary Care Registration Authorities.

How to use the service

Raise a call for the ODS Team at


The ODS API Suite has been designed for organisations and developers to access ODS information on health and social care organisations.

The ODS portal

The ODS portal is a quick and easy way to search organisation details.


When there is a change in organisational control, usually after a merger, acquisition, split or change in organisational status, we offer guidance to affected organisations on how their organisation codes may need to change as a consequence.

Where organisation codes are required to change we can also advise affected organisations of some key systems and services that they will need to contact to migrate or close down activity, for example, Registration Authorities, System Suppliers, NHSMail, NHS.UK and Spine compliant systems such as e-RS.

How to use the service

See our guidance about changes in 2019.

Raise a call for the ODS Team with the

You can now log and monitor your own calls on the Cherwell Self Service Portal. To register contact or call 0300 3034034.

Registration Authority (RA) hierarchies

We maintain RA hierarchies on the Care Identity Service (CIS) by adding or amending the RA parent of an organisation.

CIS is an identity management system, hosted by NHS Digital. CIS is an identity management system, hosted by NHS Digital. It operates user authentication and access control services for Spine applications and supports Information Governance (IG) policy.

Who the service is for

RA Managers who need their organisation to be RA parented by or RA parenting another organisation.

How to use the service

The RA Manager should submit an RA08 form to the to request that an RA Parent is created or amended.

Register and directory updates

We maintain and publish the Caldicott Guardian, Senior Information Risk Owner, Information Asset Owner registers and Safe Haven Directory. Register information is available on the ODS Portal twenty four hours after it has been updated by the ODS Support Team.

Caldicott Guardian and SIRO forms can only be submitted by the authorised signatory.

Organisation Authorised Signatory
CCG Chief Operating Officer/Chief Accountable Officer
CSU NHSCB Caldicott Guardian / NHSCB Board member
Executive Agency Chief Executive
GP Practice Senior Partner / Practice Manager
NHS Commissioning Board Chief Executive
NHS Trust Chief Executive
Non NHS Chief Executive / Director (or equivalent)
Region Geography NHSCB Caldicott Guardian / NHSCB Board member

Caldicott Guardian

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.

All NHS organisations and local authorities providing social services must have a Caldicott Guardian. 

Note: ODS do not hold information for Caldicott Guardians in Scotland, Northern Ireland, Isle of Man or Channel Islands. These are maintained by separate organisations.

Download the Caldicott Guardian register (published 16 October 2020)
To register your organisation's Caldicott Guardian, please complete this form

Senior Information Risk Owners 

A Senior Information Risk Owner (SIRO) is an Executive Director or member of the Senior Management Board of an organisation with overall responsibility for an organisation's information risk policy.

The SIRO is accountable and responsible for information risk across the organisation. They ensure that everyone is aware of their personal responsibility to exercise good judgement, and to safeguard and share information appropriately.

A SIRO is responsible for user access into Systems and Service Delivery (SSD) systems and this is done by submitting a Data User Certificate (DUC) via the Exeter helpdesk at The ODS Team will process the form, when sign off has been verified, and set up the user account on the Open Exeter system.  There is only one registered SIRO per organisation, however they can delegate responsibility of user access sign-off to a Deputy SIRO or an Information Asset Owner (IAO).  A Deputy SIRO should only be used when the nominated SIRO is absent and the application is urgent.

Download the SIRO register (published 16 October 2020)
To register your organisation's SIRO, please complete this form

Information Asset Owner

The Information Asset Owner (IAO) will be a senior member of staff who is the nominated owner for one or more identified information assets of the organisation. IAOs will support the organisation's SIRO in their overall information risk management function as defined in the organisation's policy. 

The IAO nomination form must be sent by the registered SIRO from the SIRO's email account. There is no limit to the number of IAO's a SIRO can nominate within their organisation.

Download the IAO register (published 16 October 2020)
To nominate an IAO, please complete this form

Safe Haven Directory

Safe Havens have been set up in the NHS to ensure that confidential patient data can be transmitted and stored securely. Get the latest Safe Haven downloads.

XML Organisation Data Products

XML data is the replacement for CSV files which will be removed from publication in 2021 as part of the Organisation Reference Data Changes (ORD Changes) project. XML data for use in live systems is released on a monthly basis via TRUD. Find out more about XML Organisation Data products.

Last edited: 16 October 2020 3:09 pm