Supports best practices for infrastructure and hosting of systems. For example, ensuring that systems are cost effective, secure and energy efficient.
It is essential that Solutions delivered under the Catalogue and Frameworks follow standards and guidance that are cost effective, secure, reliable, resilient, safe, manageable and energy efficient.
The previous GPSoC infrastructure requirements pulled together best practice from recognised standards and industry guidance; however, feedback from Suppliers and other stakeholders identified that these requirements were complex and challenging to evidence as part of the assurance process.
In addition, it is a Supplier's responsibility to ensure they fully understand industry standards & best practice, and they cannot rely on the Authority explicitly defining requirements at a point in time. The previous requirements documents were developed at a point in time, and technology and security vulnerabilities change rapidly.
Whilst UK Government has promoted a Cloud First policy, it is only recently (2018) that hosting within public cloud has become a reality for health based services.
The Technology Strategy has a fundamental principle of delivery of services via cloud provision and specifically the architecting of Solutions to be cloud native.
The Authority recognises that cloud hosting may not be appropriate for some services, e.g. based on the sensitivity and scale of data or the manner in which the service is architected.
Fundamentally there are three core options for hosting services:
| Applicable Framework(s) | Hosting Option | Description | Preference Status | Level | Section |
|---|---|---|---|---|---|
| All | Cloud – Public or Private | The Public / Private cloud provider offers self-managed virtualised, elastic/on demand scalable infrastructure as a service where the cloud provider owns the underlying datacentres and physical infrastructure. The Supplier rents the use of the virtualised infrastructure. | Strongly Preferred | Suppliers SHOULD host Solutions via one of these options. | |
| | Colocation | The physical infrastructure is owned by the Supplier and hosting of the physical infrastructure is provided within the Colo provider's datacentres. The management of the infrastructure can be done by the Colo provider, a 3rd party or the Supplier themselves. | Preferred | | |
| | Provider own facilities | The datacentres and physical infrastructure are owned by the Supplier. The management of the infrastructure can be done by a 3rd party or the Supplier themselves. | Not recommended | | |
The Authority does not recommend that Suppliers attempt to host services themselves, due to the cost and complexity of providing data centre capabilities that meet the necessary requirements.
Previously the GPSoC framework provided a set of requirements for local hosting of services. Given the security and service risks of this form of infrastructure, the Catalogue and Frameworks will not formally assure local hosting of services. Buyers purchasing services which are locally hosted will be required to satisfy themselves that the security and service risks are mitigated and managed appropriately.
The standards to support infrastructure and hosting are split into two sections, depending on the mechanism being deployed:
- Cloud – Based on published NHS wide risk assessments and guidance
- CoLocation / provider facilities – specific requirements & assurance processes
The following is a summary of the "NHS and social care data: off-shoring and the use of public cloud services" gathered from cloud guidance information published by the Authority. It makes clear what evidence is to be sought from a Supplier, where it is deemed necessary to assure compliance with the 4 step process.
Some key points of note:
- All decisions in relation to the security of data are the responsibility of the data controller(s). Also, in many cases organisations will have a SIRO responsible for data and cyber security
- Where a professional body exists, there is certainly merit in seeking their approval for the migration of data to cloud, but ultimately the data controller remains the key approver
- Data Controllers need to understand the risks of moving to cloud, and any impact
- Data controllers must take into account the standard CIA triad (Confidentiality, Integrity, Availability), and also other relevant factors, including, but not limited to, cost, security, resilience, capability and funding
The 4 steps to inform the data controller on a risk based decision are detailed below.
| Applicable Framework(s) | Step | Step Description | Evidence |
|---|---|---|---|
| All | Step 1 - Understand the data | All data managed by NHS and social care organisations should be treated as OFFICIAL or OFFICIAL-SENSITIVE data, in line with the Government Security Classification Policy. The Authority has further elaborated the very broad classifications. The Health and Social Care Cloud Risk Model is more granular than the Government Security Classification Policy. | EVIDENCE requested for step 1: |
| All | Step 2 - Assess the Risks | The Authority's Health and Social Care data risk framework and associated data risk model are both used to establish the risk level of the data. Typically Personally Identifiable Data (PID) would be Level 5. Please refer to the link NHS and social care data: off-shoring and the use of public cloud services for latest versions of Cloud risk framework and Health and social care data risk model. | EVIDENCE requested for step 2: |
| All | Step 3 - Implement the appropriate controls | Care organisations, such as GPs, retain the data controller responsibilities and they are therefore ultimately responsible for ensuring that proportionate controls are put in place to mitigate all risks. The data controllers may rightly request to see these controls (proposed by the Supplier) before considering any migration to cloud. | EVIDENCE requested for step 3: |
| All | Step 4 - Monitoring the Implementation | All cloud providers take on data processor responsibilities, with Care organisations (e.g. GP practices) retaining the data controller responsibilities, and they must ensure the selected cloud provider remains fit for purpose. | EVIDENCE requested for step 4: |
The scope of this document covers the infrastructure requirements a Supplier must meet when providing services where a Supplier has co-located their service & infrastructure within a data centre provider's facilities OR where the Supplier is using their own facilities. The requirements will cover a number of aspects including but not limited to:
- Provision of power and cooling
- Networking and IT Infrastructure
- Management of the Data Centre
- Physical presence of the data centre and the IT build processes
- Racks
- Mechanical and electrical plant
- Data Floor
- Operating Systems / Virtualisation
- Software (Solution Management)
- Business practices
- Security
For the avoidance of doubt, these requirements do not cover cloud provision.
Unless stated otherwise, the evidence expected for each requirement is to provide formal confirmation of compliance to the requirement.
In addition to the below requirements, the following standards (or equivalent) MUST be adhered to and, where appropriate, accreditation achieved with a valid certificate and a Statement of Applicability (SoA) and documented scope provided.
| Applicable Framework(s) | Req. ID | Standard | Name | Description | Level | Evidence |
|---|---|---|---|---|---|---|
| All | ES1.0 | NHS and social care data: off-shoring and the use of public cloud services guidance | NHS and social care data: off-shoring and the use of public cloud services guidance | The geographical location (or specific range of locations) of the clinical data at rest and service management activities at any given time are to be known and communicated to the Authority. Operating the Solution or elements of the Solution outside of England will be with the permission of the Authority, the data controllers and their representative organisations. Note: There are no absolute barriers to the off-shoring of data or services, although the requirements of UK Government IA policy must be able to be met in the overseas location. See Data Protection Act and Offshoring for statements on the offshoring of information. | MUST | Provide formal confirmation of compliance to requirement. |
| All | ES2.0 | Sanctions, embargoes and restrictions | | The Supplier will require approval from the Authority for any part of the Solution that is hosted or communicates with services outside of England. The communication between systems will not be made to those countries or states prohibited by Government Policy. | MUST | Provide formal confirmation of compliance to requirement. |
| All | ES3.0 | Certified cyber security | | Protect your organisation against cyber attack | MUST | Supplier should have a valid Cyber Essentials Plus Certificate. |
| All | ES4.0 | ISO/IEC 27001 | | ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organisations, regardless of type, size or nature. | SHOULD | ISO/IEC 27001 Accreditation |
| All | ES5.0 | ISO 9001:2015 | | ISO 9001:2015 specifies requirements for a quality management system when an organisation: a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements. All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organisation, regardless of its type or size, or the products and services it provides. | MUST | Data Centre Provider - Valid ISO 9001:2015 Certificate or evidence of compliance with Quality Management procedures aligned to ISO 9001. |
| | ES7.0 | ISO 14001:2015 | | ISO 14001:2015 specifies the requirements for an environmental management system that an organisation can use to enhance its environmental performance. ISO 14001:2015 is intended for use by an organisation seeking to manage its environmental responsibilities in a systematic manner that contributes to the environmental pillar of sustainability. ISO 14001:2015 helps an organisation achieve the intended outcomes of its environmental management system, which provide value for the environment, the organisation itself and interested parties. Consistent with the organisation's environmental policy, the intended outcomes of an environmental management system include: · enhancement of environmental performance · fulfilment of compliance obligations · achievement of environmental objectives. ISO 14001:2015 is applicable to any organisation, regardless of size, type and nature, and applies to the environmental aspects of its activities, products and services that the organisation determines it can either control or influence considering a life cycle perspective. ISO 14001:2015 does not state specific environmental performance criteria. ISO 14001:2015 can be used in whole or in part to systematically improve environmental management. Claims of conformity to ISO 14001:2015, however, are not acceptable unless all its requirements are incorporated into an organisation's environmental management system and fulfilled without exclusion. | MAY | Data Centre Provider - Valid ISO 14001:2015 Certificate or evidence of compliance with Environmental Management procedures aligned to ISO 14001. |
| | ES8.0 | ISO 50001:2018 | | This document specifies requirements for establishing, implementing, maintaining and improving an energy management system (EnMS). The intended outcome is to enable an organisation to follow a systematic approach in achieving continual improvement of energy performance and the EnMS. This document: a) is applicable to any organisation regardless of its type, size, complexity, geographical location, organisational culture or the products and services it provides b) is applicable to activities affecting energy performance that are managed and controlled by the organisation c) is applicable irrespective of the quantity, use, or types of energy consumed d) requires demonstration of continual energy performance improvement, but does not define levels of energy performance improvement to be achieved e) can be used independently, or be aligned or integrated with other management systems. Annex A provides guidance for the use of this document. Annex B provides a comparison of this edition with the previous edition | MAY | Data Centre Provider - Valid ISO 50001:2018 Certificate or evidence of compliance with Energy Management procedures aligned to 50001. |
| | ES9.0 | BS 6701:2010 | | If you work in the telecommunications industry, and are responsible for installing, operating or the administration and maintenance of copper or optical fiber cabling or equipment, then this newly-revised standard will be of interest. Conformance to specific aspects of BS 6701 is a requirement of the Wiring Regulations (BS 7671) and is applicable in virtually all premises. In addition, it addresses cabling external to buildings and should be followed by anyone installing cabling. Correctly specified and installed cable management systems ensure that telecommunication cabling performs at its best – so it is important that cable management be considered from the start of a project. In addition to specifying the requirements beyond the scope of the BS EN 50174 series of standards for telecommunications cabling, BS 6701 provides requirements for installing telecommunications equipment. The application of BS 6701 will ensure that equipment is properly set up, which means the customer will be reassured their risk-managed cabling installations work to optimum performance, thus assuring more profitable business practice. As one of the few national standards that are directly linked to the EN 50174 series, BS 6701 could also be used in other countries. It supports all cabling media. | SHOULD | Data Centre Provider - A valid BS 6701:2010 Certificate required from UKAS registered accreditation organisation. |
| | ES10.0 | EU Code of Conduct | EUCoC | This Code of Conduct has been created in response to the increasing energy consumption in data centres and the need to reduce the related environmental, economic and energy supply security impacts. The aim is to inform and stimulate data centre operators and owners to reduce energy consumption in a cost-effective manner without hampering the mission critical function of data centres. The Code of Conduct aims to achieve this by improving understanding of energy demand within the data centre, raising awareness, and recommending energy efficient best practices and targets. | SHOULD | Provide formal confirmation of compliance to requirement. |
| All | ES11.0 | GDPR / DPA 2018 | | The Guide to the GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection. The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018. | MUST | Provide formal confirmation of compliance to requirement. |
| | ES13.0 | BS EN 50600-2-1:2014. Building construction (Minimum availability class 3) | BS EN 50600-2-1:2014 | The unrestricted access to internet-based information demanded by the information society has led to an exponential growth of both internet traffic and the volume of stored/retrieved data. Data Centres are housing and supporting the information technology and network telecommunications equipment for data processing, data storage and data transport. They are required both by network operators (delivering those services to customer premises) and by enterprises within those customer premises. Data Centres need to provide modular, scalable and flexible facilities and infrastructures to easily accommodate the rapidly changing requirements of the market. In addition, energy consumption of data centres has become critical both from an environmental point of view (reduction of carbon footprint) and with respect to economical considerations (cost of energy) for the data centre operator. The implementation of data centres varies in terms of: The needs of data centres also vary in terms of availability of service, the provision of security and the This series of European Standards specifies requirements and recommendations to support the various parties involved in the design, planning, procurement, integration, installation, operation and maintenance | SHOULD | Suppliers MUST be able to provide evidence to demonstrate alignment with the scope and aims of BS EN 50600. Note. Formal accreditation (when available) will become a mandatory requirement as detailed in the Standards Roadmap. |
| | ES14.0 | BS EN 50600-2-2:2014. Power distribution (Minimum availability class 3) | BS EN 50600-2-2:2014 | | SHOULD | |
| | ES15.0 | BS EN 50600-2-3:2014. Environmental control (Minimum availability class 3) | BS EN 50600-2-3:2014 | | SHOULD | |
| | ES16.0 | BS EN 50600-2-4:2015. Telecommunications cabling infrastructure (Minimum availability class 3) | BS EN 50600-2-4:2015 | | SHOULD | |
| | ES17.0 | BS EN 50600-2-5:2016. Security systems (Minimum availability class 3) | BS EN 50600-2-5:2016 | | SHOULD | |
| | ES18.0 | BS EN 50600-3-1:2016. Management and operational information (Minimum availability class 3) | BS EN 50600-3-1:2016 | | SHOULD | |
| | ES19.0 | BS EN 50600-4-1:2016. Overview of and general requirements for key performance indicators (Minimum availability class 3) | BS EN 50600-4-1:2016 | | SHOULD | |
| | ES20.0 | BS EN 50600-4-2:2016. Power Usage Effectiveness (Minimum availability class 3) | BS EN 50600-4-2:2016 | | SHOULD | |
This section is concerned with the physical aspects of a Data Centre including where the Data Centre is located, some of its physical attributes and factors near that data centre which could affect its operation and security.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| | HPA4.0 | Data Centre Locations: The Supplier will provide the data centre address and the current data centre owner’s / operator’s details, to the Authority. | MUST |
| | HPA5.0 | Data Centre Build: The Supplier will provide the build date of the data centre, its current age and any planned or expected data centre services uplift or refit covering but not limited to: | MUST |
| | HPA16.1 | Data Centre Intrusion Detection: The Supplier will ensure that the data centre perimeter is protected by an IDS (Intrusion Detection System) compliant to BS EN 50131-1:2006. | SHOULD |
| | HPA25.0 | Data Centre Vehicle Access: The Supplier’s data centre will have arrangements such that a vehicle is unable to enter the site before all the checking of the vehicle and driver has been completed. The gate will prevent the tailgating of vehicles. | MUST |
| | HPA32.0 | Data Centre - declaration of Resilience: The Supplier’s Solution will provide at a minimum two separate geographically physical locations to hold the data and capability to run the services. The distance between the two locations will be such that they cannot both be affected by concurrent loss due to overlapping items on the Location Risk Assessment. | MUST |
| | HPA34.0 | Data Centre Access Declaration: The Supplier will provide permanent access to the data centre and equipment, supported by an access request process of 24hrs notice for normal maintenance requests and 1hr for emergency access, with unlimited frequency, for the purpose of maintaining the systems and services. Note: If the hosting provider is a 3rd party / sub-contractor to the Supplier and escorted access is the policy enforced then permanent access to the data centre will still be provided. | MUST |
This section covers the power to the Data Centre, Data Hall and cabinets.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| | HPW11.0 | Data Centre Standby Operation: Refueling of the tanks for the generators will be possible with the generators in use. | MUST |
This section is concerned with the physical infrastructure that makes up the service, how it is built and the policies around its setup.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| | HI2.0 | Log File Timestamp: The Supplier to ensure that log files written, even if the device is passive, will write the log with the synchronised time to NHS Network and written in UTC but can be displayed in the Supplier’s application in local time. | MUST |
| | HI3.0 | Time Synchronisation: The Supplier will ensure the infrastructure’s time is synchronised with a NHS & National Apps, Cloud / CNSP NTP service, delivered as a minimum, by a stratum 3 service. | MUST |
| | HI5.0 | The Supplier to ensure that message time stamping is performed using UTC, for all infrastructure, but can be displayed in the Supplier’s supported applications in local time. Note: This requirement’s scope is the infrastructure; see IG Requirements for further related time stamping and representation. This requirement is to ensure that there is a consistent time stamping policy across all infrastructures and messaging so that correlation can occur locally, between Suppliers and also national applications. The requirement is to ensure that the raw date use is of the format defined. Local support applications (Applications used to manage the service) can represent the date in their local time if required and in line with the IG Requirements. | MUST |
| | HI9.0 | Support Agreement Confirmation: The Supplier to ensure that all hardware, devices, servers and components have support agreements in place to replace faulty items if they fail. The replacing of components will not impact live service and meet SLA and planned down time agreements. | MUST |
| | HI13.0 | Live Service Separation: The Supplier will ensure that Live environments are segregated from the development activity by using processors, virtual servers, domains and partitions that are not in use by live and by storing development utilities away from the live environment. | MUST |
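The UTC rule in HI2.0 and HI5.0 can be checked mechanically. The following is an added example, not part of the original requirements or any Authority tooling: it audits constructed log lines in an assumed `source timestamp message` layout with ISO 8601 timestamps, flags raw timestamps that are not UTC, and builds the cross-Supplier timeline that the correlation aim of HI5.0 depends on.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample lines; the "source timestamp message" layout is an assumption.
SAMPLE_LINES = [
    "supplier-a 2024-06-10T10:29:31Z login user=alice",
    "supplier-b 2024-06-10T11:29:29+01:00 session-open user=alice",  # local time written raw
    "supplier-c 2024-06-10T10:29:30 firewall-accept port=443",       # no offset at all
    "supplier-a 2024-06-10T10:29:33+00:00 logout user=alice",
    "supplier-d 10/06/2024-10:29 disk-warning vol=data",              # not ISO 8601
]


def classify(raw_ts):
    """Return (status, utc_instant_or_None) for one raw timestamp string."""
    # Older Python versions reject a trailing "Z", so normalise it first.
    text = raw_ts[:-1] + "+00:00" if raw_ts.endswith("Z") else raw_ts
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:
        return "unparseable", None
    if parsed.tzinfo is None:
        # Without an offset the instant is ambiguous and cannot be correlated.
        return "no-offset", None
    if parsed.utcoffset() != timedelta(0):
        # Recoverable, but the raw value was not written in UTC.
        return "non-utc", parsed.astimezone(UTC)
    return "utc", parsed.astimezone(UTC)


def audit(lines):
    """Classify every line and keep the UTC instant where one can be derived."""
    findings = []
    for line in lines:
        parts = line.split(" ", 2)
        if len(parts) != 3:
            findings.append({"source": None, "raw": line, "status": "unparseable",
                             "utc": None, "message": ""})
            continue
        source, raw_ts, message = parts
        status, instant = classify(raw_ts)
        findings.append({"source": source, "raw": raw_ts, "status": status,
                         "utc": instant, "message": message})
    return findings


def violations(findings):
    """Sources whose raw timestamps do not meet the written-in-UTC rule."""
    return [f["source"] for f in findings if f["status"] != "utc"]


def timeline(findings):
    """Order events from all sources by true instant, skipping ambiguous ones."""
    usable = [f for f in findings if f["utc"] is not None]
    return sorted(usable, key=lambda f: f["utc"])


def display_local(instant, offset_hours, label):
    """Render a stored UTC instant in a local zone for display only."""
    local = instant.astimezone(timezone(timedelta(hours=offset_hours), label))
    return local.strftime("%Y-%m-%d %H:%M:%S ") + label


if __name__ == "__main__":
    results = audit(SAMPLE_LINES)
    for finding in results:
        print(finding["status"].ljust(12), finding["source"], finding["raw"])
    print("non-compliant sources:", violations(results))
    for event in timeline(results):
        print(event["utc"].isoformat(), event["source"], event["message"])
```

Sorted by raw string, the supplier-b event appears an hour after the others; sorted by UTC instant it is the first event in the sequence.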
This section is concerned with servers that provide clinical applications, including operating systems and use of virtualisation.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| | HS9.0 | Server Operational Design: Hardening: The Supplier will ensure that all operating systems and applications have undergone a hardening process to ensure only the necessary services are in place, within their domain of responsibility in the equipment and services they provide. Note: Hardening is the process of securing a system, reducing its vulnerability, through the use of patching, removal of unnecessary software and services. Good Practice guidance can be found on the NHS Digital website. The Supplier to ensure that due diligence to hardening is performed for their domains of responsibility. If the Supplier is responsible for the hardware / OS then this hardening will be performed on the hardware and OS. If the Supplier only provides application software then the necessary hardening will have been performed on that application software. If the mobile device hardware (Phone, Medical Device, mobile appliance) is provided by the Supplier as part of their Solution then hardening on the components they have provided will have been performed. Where a BYO device is used the Supplier will ensure their application is hardened to protect the data and application. | MUST |
| | HS20.0 | Server Operational Design: Application Security: The Supplier will ensure that servers are configured to disable or restrict: | MUST |
| | HS24.0 | Server Operational Design: Virtualisation: The Supplier to ensure that physical servers hosting virtual instances are protected from resource overload (e.g. excessive use of the CPU, memory, hard disk and network). | MUST |
This section covers the use of networks in the provision of the Supplier’s service. The NHS Wide Area Network is now known as HSCN; referred to as the “NHS Network” below.
The Health and Social Care Network (HSCN) is the successor to N3. In 2018 N3 was already closed to new implementations when NHS Digital published its 'Internet First' strategy. The strategy mandates that health systems should be designed to use the Internet rather than HSCN.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| All | HNT1.0 | External Networking: The Supplier’s data centre to be connected to the Internet and the NHS Network, for clinical services holding PID that are accessed from either an Internet or NHS Network attached end point. | MUST |
| All | HNT1.1 | External Networking Termination: If the Supplier’s data centre is connected to the NHS Network, termination will be from an approved termination point. | MUST |
| All | HNT1.2 | External Networking - Spine Services: The Supplier’s data centre to be connected to the Internet and the NHS Network, for services that communicate with national systems. (PDS, TMS, etc.) | MUST |
| All | HNT1.3 | Network Security: The Supplier will respond to the Authority’s request for information around security, network settings and ports used, from time to time, in how their services operate across the NHS Network, to support the NHS Network QoS Policy over HSCN. | MUST |
| All | HNT2.0 | Network - QoS: Communications in and out of the data centre will adhere to the HSCN connection Agreement and NHS Network QoS policy for the classification of data across the network, to enable network traffic prioritisation and ‘class of service’ to reduce network latency. The Supplier will evidence their adherence to the QoS policy, to the Authority, for changes to the system in how it communicates across the NHS Network, prior to release. Note: | MUST |
| All | HNT2.1 | NHS Network Connectivity: The Supplier’s NHS Network connections to be compliant with the HSCN Connection Agreement and compliant with the DNS and IP addressing policies for the network, where HSCN is used. | MUST |
| All | HNT3.1 | NHS Networking Compliance: The Supplier to provide evidence that the system complies with the requirements and best practice operating principles and guidance when operating over the NHS Network. Specifically the system to: | MUST |
| All | HNT4.0 | QoS Policy Acceptance: The Supplier will have completed a NHS Network QoS Policy review, where the Supplier’s application makes use of or is accessed across the NHS Network, have demonstrated the application and services adhere to the NHS Network policy. NHS Network QoS rules may need to be amended as a part of this review. Updates to refreshed QoS policies to be applied as required. | MUST |
| All | HNT6.0 | Data Centre Network Connectivity: The Supplier will provide the details of any carriers and the redundancy of all communications utilised in and out of the data centre as part of the Solution. This is to include but not limited to: | MUST |
| All | HNT7.0 | Data Centre Network Resilience: The data centre will have dual Internet and dual NHS Network connections via two exchanges, where available. | MUST |
| All | HNT21.0 | Remote Application Connectivity: The Supplier to ensure that all connections to remote servers and applications are authenticated. | MUST |
| All | HNT22.0 | Remote Management Connectivity: The Supplier to ensure that access to diagnostic ports for network and server components are securely controlled. | MUST |
| All | HNT23.0 | Network Segregation: The Supplier will segregate the networks that support deployments from other unrelated services to ensure the appropriate level of service. | MUST |
| All | HNT30.0 | Network Access User Security: The Supplier to ensure network devices are restricted to authorised network staff, using access controls that support individual accountability, and protected from unauthorised access / configuration / updates. | MUST |
| All | HNT31.0 | Network Device Security: The Supplier to ensure network devices that perform routing (e.g. routers and switches) are configured to prevent unauthorised or incorrect updates by: | MUST |
| All | HNT36.0 | Wireless Network Design: The Supplier to ensure there are documented standards / procedures at the appropriate level and implemented for controlling wireless access to the network, which cover: | MUST |
| All | HNT38.0 | The Supplier to ensure that new services or applications are accessible from the internet. New services or applications are those which are NOT currently deployed into an operational environment. | MUST |
| All | HNT39.0 | The Supplier to ensure existing services or applications are transitioned to comply with the Internet First strategy in line with the Authority's published guidance (see Standards Road map). | MAY |
| All | HNT40.0 | The Supplier to ensure HSCN connectivity is procured where there are any systems or services the Supplier needs to reach that are only on the HSCN network. | MUST |
This section details the requirements in relation to how ICT services provided by a Supplier are managed. The optimisation of resources and improved performance are achieved by adopting best practices for fault monitoring and management, configuration management, security management, bandwidth management, accounting management, etc.
| Applicable Framework(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| All | HMI9.0 | Operational Systems Access: The Supplier will ensure that encrypted administrative access to information systems, network devices and telecommunications equipment (e.g. by using secure management consoles or secure remote login shells such as ssh), is used. | MUST |
| All | HMI10.0 | Operational Systems - Access Policy: The Supplier will ensure access to critical systems and networks by external individuals for remote maintenance purposes (e.g. remote diagnosis / testing, software maintenance) should be managed by: | MUST |
| All | HMI12.0 | Operational Systems Patching Governance: The Supplier to ensure a patch management process is established to govern the application of patches to: | MUST |
| All | HMI13.0 | Operational Systems Patching Process: The Supplier to ensure that the patch management process will: | MUST |
This section is concerned with the recording of the assets within the data centre.
Applicable Framework(s) | Requirement ID | Requirement Text | Level |
---|---|---|---|
All | HCM1.0 | Configuration Management Data Base: A CMDB (Configuration Management Data Base) will be maintained and contain all CI’s, including but not limited to: The level of detail within the CMDB will be of sufficient detail at the CI level to be able to support the change and incident process. The Supplier will ensure that a consistent naming convention (e.g. computer / server addresses, network device names, terminal locations and user identifiers) is used and recorded within the CMDB. The Supplier to ensure that CIs that are used as part of the definition of configuration or an asset are held in the CMDB and DSL. This could include but is not limited to: | MUST |
All | HCM4.0 | Data Centre Audit Reporting: The Supplier to make the results of its data centre audits available to the Authority on request along with any work off plans. | MUST |
This section is concerned with how the service is monitored to understand its current state and how it is performing.
Applicable Framework(s) | Requirement ID | Requirement Text | Level |
---|---|---|---|
All | HSM1.0 | Monitoring Toolsets: The Supplier to implement a toolset to be able to monitor capacity and utilisation of equipment, to support the capacity planning and incident process. This could include but not limited to: | MUST |
All | HSM2.0 | Service Management Tools: The Supplier to implement service management tools and procedures within the sub-system including but not limited to: | MUST |
All | HSM4.0 | Capacity Monitoring: The Supplier to implement a toolset to be able to benchmark the performance of the infrastructure and software assets to be able to understand the deviation from the normal operation. | MUST |
All | HSM5.0 | New Hardware Provisioning: For technology uplifts and new services on new hardware provisions the Supplier will select hardware that enables equipment power and temperature to be monitored through standard interfaces allowing integration with the Supplier’s management system. | MUST |
All | HSM6.0 | Application Provider - NMS Access: The Supplier will allow the Authority's supported method of integration with NMS. | SHOULD |
This section is concerned with how a device can be managed remotely.
Applicable Framework(s) | Requirement ID | Requirement Text | Level |
---|---|---|---|
 | HDM1.0 | Lights Out Policy: The Supplier will provide a ‘lights out’ operational model for the systems with specific processes to allow named engineer access to the environment. | MUST |
 | HDM4.0 | Remote Systems Maintenance: It will be possible for the Supplier to perform software related maintenance and upgrade remotely without requiring physical access to the data hall. | MUST |
This section is concerned with how data is protected when a failure occurs within the Solution. This covers both clinical and non-clinical data.
Applicable Framework(s) | Requirement ID | Requirement Text | Level |
---|---|---|---|
All | HDP1.0 | Data Access Protection: The Supplier to ensure protection of clinical data at the storage level through the use of RAID, block snapshot, replication or mirroring technology within a single data centre / data hall. | MUST |
All | HDP2.0 | Data Loss protection: The Supplier to ensure clinical data is protected using methods against up to two disk or media failures, within any one device configuration offering a discrete storage service. | MUST |
All | HDP3.0 | Data Integrity Implementation: The Supplier will provide Transactional Integrity for clinical data by the use of a 2nd physical location for storing of data. Note: The 2nd site could be a DR Site, Active 2nd site or a site used for storage replication. | MUST |
All | HDP5.0 | Data Handling Conformance: The clinical data transferred to additional locations will be stored in accordance of the Authority’s data handling policies. | MUST |
All | HDP6.0 | Data Integrity Approach: The Supplier’s approach to Transaction Integrity to securing data to at least two separate physical locations to be communicated to and assured by the Authority at the Suppliers design stage. | MUST |
All | HDP7.0 | Data Storage - BCDR standards: The Supplier to ensure that Data Protection is performed in line with the Disaster Recovery and Business Continuity standard. | MUST |
All | HDP9.0 | Data Replication: The Supplier will ensure that the clinical data applied to the primary site and sent to the 2nd site is processed in time order of how the data was applied to the primary site. Thus ensuring a consistent data set across the two sites and to maintain the application integrity. | MUST |
All | HDP10.0 | The Supplier to provide a “Data Management Policy”, to the Authority, detailing the data retention and level of resilience / protection needed. | MUST |
All | HDP11.0 | Data Protection Legislation: The Supplier will demonstrate, if requested by the Authority, that functions/elements provided to meet Data Protection Legislation are operating in accordance with the Authority’s Requirements and the Design Documents. | MUST |
All | HDP12.0 | Data Disposal: The Supplier will ensure that during disposal of equipment all data is removed from devices before they are passed to a 3rd party or reused in line with the “Disposal and Destruction of Sensitive Data Good Practice Guideline”. | MUST |
Due to the sensitive nature of the information in this section, the details are held in the file "Co location and Provider Data Centre Hosting & Infrastructure Requirements - Security" and can be requested by emailing gpitfutures@nhs.net.
Applicable Framework(s) | Requirement ID | Requirement Text | Level |
---|---|---|---|
All | HD1.0 | Documentation: The Supplier will provide documentation which represents the non-functional technical architecture of the Solution, including but not limited to: data centre design, local and wide network architecture, and physical technology models. Documentation should include diagrams, and associated textual descriptions, as necessary to enable effective assurance of key Solution aspects as noted below: Note: Document artefacts to be concise with a preference for diagrammatical form where the Supplier utilises as much of their own internal documentation as possible to reduce extra document production. | MUST |
All | HD3.0 | Capacity Reporting: The Supplier to provide memory, CPU, network and disk utilisation grouping by the sub systems utilising the resources as part of a capacity performance and planning review. | MUST |
All | HD5.0 | The Supplier to provide a Hosting strategy roadmap to the Authority detailing where new technology advances could be exploited within the hosting arena. Note: This could include advances in IaaS, SaaS, PaaS that may become viable within the term of the contract. | MUST |
See Recommended Best Practices
All Suppliers Solutions delivering any Capabilities will need to meet this Standard.
Suppliers will not be assessed or assured on these Roadmap Items as part of Onboarding
Roadmap Item | Standards and Capabilities | Status | Effective Date | Description | Change Type | Change Route |
---|---|---|---|---|---|---|
Changes to ISO27001 Requirements | Business Continuity and Disaster Recovery, Hosting & Infrastructure | Draft | TBC | A change to ensure continued Supplier certification to the current version of the ISO/IEC 27001 standard. | Uplift | Managed Capacity - Other |
Internet First Policy | | Draft | TBC | Services are made available to end user over internet connections. | New | Managed Capacity - SRO Priority |
BS EN 50600 Accreditation | | Published | TBC | Formal accreditation against BS EN 50600 for Hosting and Infrastructure. | Uplift | Managed Capacity - SRO Priority |