Change Control Notice

 

00016_20170917 to 00025_20191127 HSCN Compliance CR Form

Change Reference:  – 0022 20191127

Date: 27th November 2019

Title:  – HSCN Obligations -Technical and Security Obligations

Change to:- Obligations Framework 4.3.3 – SMOP11

Dialogue:  Removal of CAS-T reference. The obligation will now read as follows.

‘The HSCN Supplier’s services shall be monitored to ensure that they meet the minimum service level.

HSCN service components detailed within the scope of service shall be subject to a Business Impact Assessment, resulting in defined Recovery Time Objective (RTO), Recovery Point Objective (RPO) and Maximum Tolerable Period of Disruption (MTPD) that support the delivery of service to the minimum service level (evidenced by a commitment that they will comply with the HSCN Minimum Compliance Baseline, or a valid ISO/IEC-22301:2012 certification which includes the requirements of the Obligations Framework within it)

The delivery of services shall be subject to formal review to ensure that they are appropriate in terms of delivery and resourcing (evidenced by a commitment statement as per the ‘Compliance Addendum, or ISO/IEC-9001:2008 certification) ‘ and the HSCN Compliance process.

If the HSCN supplier already has a certified Business Continuity Management System and/or a Service Management System, it is required that the HSCN service be incorporated into the respective management systems (incorporating the requirements of the Obligations Framework and HSCN Minimum Compliance Baseline.’

NCSC have stated that CAS T is no longer in use. Whilst a new security standard is being established by NCSC, we have established a position where previous CAS(T) requirements are now covered by ISO27001, Annual ITHC and BCDR plans. A statement has already gone to CN-SPs so they are aware of the current situation regarding re-certification.

Change reason – To meet a regulatory requirement.

Change Level – Major. 

Comments due back on 27th December 2019. No comment is assumed to be acceptance.

The following CN-SPs are consulted

  1. Convergence (Group Networks) Limited
  2. MLL Telecom Limited
  3. Redcentric Solutions Limited
  4. AdEPT Telecom PLC
  5. British Telecommunications PLC
  6. Piksel Limited (Carelink)
  7. Daisy Communications Limited
  8. Exponential-e Limited
  9. IT Professional Services Limited
  10. KCOM Group Public Limited Company
  11. CenturyLink Communications UK Limited
  12. Node 4 Limited
  13. NYNET Limited
  14. OCSL Managed Services Limited
  15. Updata Infrastructure (UK) Limited
  16. The Networking People (Northwest Ltd)
  17. Virgin Media Business Limited
  18. UKFast.net Limited
  19. Gamma Telecom
  20. GTT
  21. High Speed Office
  22. Intercity Technology Ltd
  23. IQVIA Solutions UK Ltd
  24. Logicalis
  25. Telefonica UK Limited
  26. Vodafone
  27. CANCOM UK Managed Services