0033 20191127 – Update to HSCN Operational Design

Wednesday, 11, December 2019 | HSCN Change Control

Change Control Notice

Documents

00032_201912107 to 00033_20191207 HSCN Compliance CR Form

HSCN Operational Design 4.0

Change Reference:  – 0034 20191207

Title: – HSCN Operational Design re-write

Date:– 10th December 2019

Change to:- HSCN Operational Design (v4)

Dialogue: – The full document has been updated to reflect the latest changes to the HSCN operational design. These changes are namely updates of wording to reference Secure Boundary and reference any CAS-T changes.

CAS-T: NCSC announced the CAS(T) regime was ceased in September 2019. This was done without consultation to NHS Digital and no replacement scheme has been implemented by NCSC yet. An interim solution has been put in place which is essentially a valid IS27001 cert issued by a UKAS auditor, and up to date ITHC to support their HLD and a detailed up to date response to the BCDR controls (annex A). 

CAS-T: NCSC announced the CAS(T) regime was ceased in September 2019. This was done without consultation to NHS Digital and no replacement scheme has been implemented by NCSC yet. An interim solution has been put in place which is essentially a valid IS27001 cert issued by a UKAS auditor, and up to date ITHC to support their HLD and a detailed up to date response to the BCDR controls (annex A).

Secure Boundary: The ANM contract is approaching the end of its term. As such, the service is being replaced by Secure Boundary which is being supplied by Accenture. Having a central cyber security function is integral to HSCN and the wider NHS and Secure Boundary offers that with richer functionality. All CNSPs have had engagement from Accenture and the HSCN programme. Please note this change doesn’t include the connectivity guidance which will be distributed at a later date. This is simply updating the wording in the current documents to reference Secure Boundary.

This change covers all the wording updates required to to bring this document up to date

CAS-T: NCSC announced the CAS(T) regime was ceased in September 2019. This was done without consultation to NHS Digital and no replacement scheme has been implemented by NCSC yet. An interim solution has been put in place which is essentially a valid IS27001 cert issued by a UKAS auditor, and up to date ITHC to support their HLD and a detailed up to date response to the BCDR controls (annex A). 

Secure Boundary: The ANM contract is approaching the end of its term. As such, the service is being replaced by Secure Boundary which is being supplied by Accenture. Having a central cyber security function is integral to HSCN and the wider NHS and Secure Boundary offers that with richer functionality. All CNSPs have had engagement from Accenture and the HSCN programme. Please note this change doesn’t include the connectivity guidance which will be distributed at a later date. This is simply updating the wording in the current documents to reference Secure Boundary.

Change reason –To meet a regulatory requirement

Change Level – Major. 

Comments due back by 10th January 2020

No comment is assumed to be acceptance.

Comments

Comment 1 –

Not accepted. All CNSPs consume services/products from communication providers, greater understanding of the implications of this proposed change is required.

Response 1 –

This has been discussed at the CAS(T) forum [but not specifically with CN-SPs] and there was an interim solution published by NHS Digital which was designed to maintain the standard with minimal impact to CNSPs. This was shared as part of the change request. The only further demand on CNSPs is that their ISO27001:2013 certification is awarded from a UKAS affiliated auditor. Unfortunately the removal of CAS(T) was beyond the scope of NHS Digital. The NCSC website has a statement around the removal of CAS(T) and that can be located on the following link. https://www.ncsc.gov.uk/information/cas-t-policy-and-guidance-documents

Comment 2 –

A commercial review of the proposed changes is required.

Response 2 –

Please can some more information around this comment be provided. NHS Digital don’t believe that the move to Secure Boundary from ANM means any change to the commercial model.

Comment 3 –

A call is requested with NHS-Digital to walk thorough the changes.

Response 3 –

A call is arranged for 9th January @ 10:00.

The following CN-SPs are consulted

  1. Convergence (Group Networks) Limited
  2. MLL Telecom Limited
  3. Redcentric Solutions Limited
  4. AdEPT Telecom PLC
  5. British Telecommunications PLC
  6. Piksel Limited (Carelink)
  7. Daisy Communications Limited
  8. Exponential-e Limited
  9. IT Professional Services Limited
  10. KCOM Group Public Limited Company
  11. CenturyLink Communications UK Limited
  12. Node 4 Limited
  13. NYNET Limited
  14. OCSL Managed Services Limited
  15. Updata Infrastructure (UK) Limited
  16. The Networking People (Northwest Ltd)
  17. Virgin Media Business Limited
  18. UKFast.net Limited
  19. Gamma Telecom
  20. GTT
  21. High Speed Office
  22. Intercity Technology Ltd
  23. IQVIA Solutions UK Ltd
  24. Logicalis
  25. Telefonica UK Limited
  26. Vodafone
  27. CANCOM UK Managed Services