| Applicable Framework / Contracting Vehicle(s) | Requirement ID | Requirement Text | Level |
|---|---|---|---|
| All | GP-IG-2.3-1 | Authentication Services: The Solution must use the applicable NHS authentication service to provide authentication. For Patients/Citizens: NHS Login. For Health or Care Professionals: CIS2 (where a smartcard is required) or NHSmail, where access to interfaces that demand it is required (such as the NHS Spine). Suppliers will integrate with the appropriate identity service as per Authentication and Access. If the Solution cannot use any existing NHS authentication, an alternative, standards-based authentication service that delivers equivalent strength should be used. These cases are expected to be rare and will be reviewed on a case-by-case basis. | |
| All | GP-IG-2.3-2 | Authentication Assurance Level 3 (AAL3): Access to confidential Patient information requires AAL3 level authentication. | |
| All | GP-IG-2.3-3 | Application Access Authentication: Provide access to all areas of the application through a single authentication step. | |
| All | | Authentication - Access using NHS authentication: Any access to Personal or Special Category Data within Solutions is to be subject to NHS authentication (as per the Authentication and authorisation section of the Interoperability Standard). | |
| All | | Authentication - General standards: Any access to Personal or Special Category Data within Solutions will be subject to authentication at least to the standards described in GP-IG-2.2-1. | |
| All | | Authentication - NHS authentication with no additional authentication: Solutions shall ensure that, where NHS authentication (as per the Authentication and authorisation section of the Interoperability Standard) is used, those users are able to carry out all Solution activities (subject to their access rights) without the need for any additional authentication. | |
| All | | Authentication - Local: Users not using NHS authentication (see GP-IG-2.1-4) can only use local authentication and will not therefore be allowed access to Solution functions for which NHS authentication is required. | |
| All | | Audit authentication activity: All activities associated with requirements in this section will be recorded in the Solution Audit Trail. Such Audit Trail entries can also include End User device (or Solution) identification information. | |
| All | | Local authentication model: The Solution can provide a local authentication model as an alternative method of authentication for users who are unable to use NHS authentication. Access to records on the Spine will use Authenticator Assurance Level 3 (ref: NIST SP 800-63B). | |
| All | | Two-factor authentication: Two-factor authentication can be used for local authentication. Access to records on the Spine will use Authenticator Assurance Level 3 (ref: NIST SP 800-63B). | |
| All | | Two-factor authentication for Citizens: Two-factor authentication will be used for Citizens to log into Solutions. | |
| All | | Local authentication - unique user identity and password: Any local authentication will be based on a unique user identity which is then authenticated at least through the use of a password. | |
| All | | Local authentication - password strength and management: Local authentication will satisfy the password strength and password management guidance set out in Meeting the Digital Service Standard and Password Guidance. | |
| All | | Password storage: Where passwords are stored in Solution databases, they will be stored salted and hashed, using algorithms and strengths recommended in NIST Cryptography Standards. | |
| All | | User access and password Audit Trail: Successful logins, unsuccessful login attempts, logouts and password changes will be recorded in the Solution Audit Trail. Data to be included in such an Audit Trail entry, for each of: successful login and logout; unsuccessful login; password changes. Such Audit Trail entries are also to include End User device (or Solution) identification information. | |
| All | | New user - password creation: New users will be assigned, or will be required to enter, a password matching the password-strength requirements in GP-IG-2.2-3. | |
| All | | New user - define own password on first use: If an initial password is assigned, the new user will be required to set a password that meets the password-strength requirements in GP-IG-2.2-3 upon first use of the Solution. | |
| All | | Password reset: Password reset facilities are provided; the Solution will store additional information associated with each user so as to allow newly-generated passwords to be provided securely to devices previously known to be associated with the user (such as a mobile number or NHSmail email address). Any such newly-generated passwords cannot be made visible to Solution-administration staff, and following first use of such passwords the user will be required to set their own password. | |
| All | | Access to whole Records: It will be possible to: restrict access to a Patient/Service User’s entire record (use case is Practice staff member); apply such restrictions at the level of RBAC user roles and to custom groups of Staff Members; have an audit trail of any such restrictions created. | |
| All | | Data Labelling - hard-copy output: The Supplier shall ensure that: all Personal Data which are output to hard-copy by the Solution will be labelled "Official – Sensitive" (this includes Medical Records, audit trails, etc.); the protective labelling of the information is shown in a consistent location and manner on any hard-copy output displaying the information; the Solution provides a means for users to verify that hard-copy print-outs are complete (e.g. "page 3 of 5" annotations). The requirements in this section are not intended to affect the printing specifications for prescriptions or dispensing tokens as specified by the Electronic Prescription Service (EPS) requirements, or for any other outputs that are subject to separate requirements. | |
| All | | Hard-copy labelling - standardised location and manner: The Supplier shall ensure that the protective labelling of the information is shown in a consistent location and manner on any hard-copy output displaying the information. | |
| All | | Identify that hard-copies are complete: The Supplier shall ensure that the Solution provides a means for users to verify that hard-copy print-outs are complete (e.g. "page 3 of 5" annotations). | |
| All | | Audit retention: The Audit Trail can be moved to archive storage as required for efficient Solution operation. This shall be retained in accordance with the audit retention policy, as specified in the latest version of Records management: code of practice for health and social care, to allow access as specified above in requirement GP-IG-12-4. Where audit data has been previously archived, it will be made clear in audit viewing tools or other arrangements that some audit data might not be immediately available, but that it can be retrieved (with an indication of the steps to take to make such archived data visible). | |
| All | | Audit authentication activity: All activities associated with requirements in the Authentication section will be recorded in the Solution Audit Trail. Such Audit Trail entries can also include End User device (or Solution) identification information. | |
| All | | General Data Protection Regulation (GDPR): Suppliers are to ensure that Solutions processing (including storing) Personal or Special Category Data adhere to the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR). See General Data Protection Regulation guidance and ICO - Guide to the General Data Protection Regulation (GDPR), and the ICO Guide to PECR for further guidance on cookies. | |
| All | | Secure Design Principles: The Solution is to comply with NCSC Secure Design Principles. | |
| All | | Synchronise Internal Clocks - with HSCN Network DNS Servers: Solutions can synchronise any internal time clocks with HSCN Network DNS Servers (currently at cns0.nhs.uk and cns1.nhs.uk) using the NTP protocol. Alternatively, the Solution will utilise a Stratum 3 time source as a minimum; however, Suppliers can consider the use of Stratum 2 or above. | |
| All | | Protection from Loss or Theft: While being processed, stored, and in backup and archive storage, all Personal Data, Special Category Data and audit logs shall be physically protected from loss or theft in line with the latest version of Records management: code of practice for health and social care. | |
| All | | Personal Data and Special Category Data - retention policy: Personal Data, Special Category Data and audit logs shall be retained in line with the latest version of Records management: code of practice for health and social care. | |
| All | | Data Storage and Processing - Location: The geographical location for the processing and storing of any Personal Data (including Special Category Data) must be within the UK. This is in line with the agreed Deed of Processing (S2.5.16). The physical storage of Personal Data (including Special Category Data) will abide by the published Department of Health and Social Care (DHSC) guidelines described in the latest version of Records management: code of practice for health and social care. Please also see Cloud Security - good practice guide. | |
| All | | Data - storage periods: The Solution shall ensure all data is stored for the periods defined by DHSC guidelines described in the latest version of Records management: code of practice for health and social care. | |
| All | | Encryption Keys - unique per discrete dataset: The Supplier shall ensure that the encryption key for each discrete dataset is unique to that dataset. | |
| All | | ISO/IEC 27001 Accreditation: A valid ISO 27001 Certificate is required from a UKAS-registered accreditation organisation, or an IAF-registered accreditation organisation in exceptional circumstances. | SHOULD |
| All | | Application Security: The Supplier will ensure that applications are appropriately protected using industry standard techniques, such as controlled access to standard ports and APIs, applying Least Privilege, accepting only encrypted connections, input validation, and fail-safe defaults. The Supplier will be aware of common specific application vulnerabilities and will ensure all appropriate mitigations are incorporated in their architecture. | |
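The "Password storage" row above requires that locally stored passwords be salted and hashed with NIST-recommended algorithms and strengths. The following is an added example written for this page, not code from the standard or from any Supplier Solution. It uses PBKDF2-HMAC-SHA256, the password-based key derivation function specified in NIST SP 800-132; the 16-byte random salt, the 600,000-iteration work factor, the `scheme$iterations$salt$hash` record format and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumed policy parameters for this example (not values taken from the standard).
SCHEME = "pbkdf2_sha256"   # self-describing prefix so the scheme can be migrated later
SALT_BYTES = 16            # fresh random salt per password
ITERATIONS = 600_000       # current work factor; raise over time via needs_rehash()
DKLEN = 32                 # derived-key length in bytes


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: scheme$iterations$salt_hex$hash_hex."""
    if not password:
        raise ValueError("password must not be empty")
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def _parse(stored: str):
    """Split a stored record into (scheme, iterations, salt, digest); None if malformed."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        return scheme, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return None


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False                       # a malformed or unknown record never authenticates
    scheme, iterations, salt, expected = parsed
    if scheme != SCHEME or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, min_iterations: int = ITERATIONS) -> bool:
    """True when the record is below current policy; re-hash on the next successful login."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] != SCHEME or parsed[1] < min_iterations


if __name__ == "__main__":
    record = hash_password("Correct-Horse-Battery-Staple")
    print(record)
    print("verify correct:", verify_password("Correct-Horse-Battery-Staple", record))
    print("verify wrong:  ", verify_password("correct-horse-battery-staple", record))
```

The salt is stored alongside the hash, so the same password hashed twice yields two different records; `needs_rehash` lets a Solution raise the iteration count for existing users without a forced reset, which is how the "strengths recommended" part of the requirement stays current.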
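The "User access and password Audit Trail" and "Audit authentication activity" rows require successful logins, unsuccessful login attempts, logouts and password changes to be recorded, with End User device (or Solution) identification. The following is an added example for this page, not code from the standard or from any Supplier Solution: it records those four event types with a device identifier, refuses to write secret material into an entry, serialises entries as JSON lines, and shows the defender's use of the trail by counting failed logins for a user over a time window. The field names, event labels and the constructed sample timeline are all assumptions for this example; the standard lists the events but not a schema.

```python
import json
from datetime import datetime, timezone
from typing import Optional

# Event types named in the requirement; the string labels are assumptions for this example.
LOGIN_SUCCESS = "login_success"
LOGIN_FAILURE = "login_failure"
LOGOUT = "logout"
PASSWORD_CHANGE = "password_change"
EVENT_TYPES = {LOGIN_SUCCESS, LOGIN_FAILURE, LOGOUT, PASSWORD_CHANGE}

# Detail keys that must never reach the audit trail, whatever a caller passes in.
FORBIDDEN_DETAIL_KEYS = {"password", "old_password", "new_password", "session_token"}


class AuditTrail:
    """Append-only in-memory trail; a real Solution writes to protected, retained storage."""

    def __init__(self) -> None:
        self._entries = []

    def record(self, event_type: str, user_id: str, device_id: str,
               outcome: str = "success", when: Optional[str] = None, **details) -> dict:
        if event_type not in EVENT_TYPES:
            raise ValueError(f"unknown audit event type: {event_type!r}")
        leaked = FORBIDDEN_DETAIL_KEYS & set(details)
        if leaked:
            raise ValueError(f"secret material must not be audited: {sorted(leaked)}")
        entry = {
            "timestamp": when or datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "event": event_type,
            "user_id": user_id,       # unique user identity (the attempted identity on a failure)
            "outcome": outcome,
            "device_id": device_id,   # End User device (or Solution) identification
            **details,
        }
        self._entries.append(entry)
        return entry

    def entries(self) -> list:
        return list(self._entries)

    def to_jsonl(self) -> str:
        """One JSON object per line, keys sorted, suitable for shipping to a central log store."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self._entries)

    def failed_logins(self, user_id: str, since: str) -> int:
        """Count unsuccessful login attempts for user_id at or after the ISO-8601 time `since`."""
        since_dt = datetime.fromisoformat(since)
        return sum(
            1 for e in self._entries
            if e["event"] == LOGIN_FAILURE and e["user_id"] == user_id
            and datetime.fromisoformat(e["timestamp"]) >= since_dt
        )


def sample_trail() -> AuditTrail:
    """Constructed sample timeline (not real data): three failures, then success, password change, logout."""
    trail = AuditTrail()
    for attempt, stamp in enumerate(["2024-01-15T09:00:00+00:00",
                                     "2024-01-15T09:00:10+00:00",
                                     "2024-01-15T09:00:20+00:00"], start=1):
        trail.record(LOGIN_FAILURE, "user-0001", "device-A1", outcome="failure",
                     when=stamp, reason="bad_password", attempt=attempt)
    trail.record(LOGIN_SUCCESS, "user-0001", "device-A1", when="2024-01-15T09:01:00+00:00")
    trail.record(PASSWORD_CHANGE, "user-0001", "device-A1", when="2024-01-15T09:02:00+00:00")
    trail.record(LOGOUT, "user-0001", "device-A1", when="2024-01-15T09:03:00+00:00")
    return trail


if __name__ == "__main__":
    t = sample_trail()
    print(t.to_jsonl())
    print("failed logins since 09:00:", t.failed_logins("user-0001", "2024-01-15T09:00:00+00:00"))
```

Rejecting forbidden detail keys at the recording boundary is deliberate: an audit trail that is retained for years under the records code of practice must not become a second copy of users' passwords.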
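The "Two-factor authentication" rows allow a second factor for local authentication and require one for Citizens. The following is an added example for this page, not code from the standard or from any Supplier Solution; the standard does not name a second-factor mechanism, so a time-based one-time password (TOTP, RFC 6238 over HOTP, RFC 4226) is an assumption chosen for illustration. It includes the server-side check a practitioner would want: a small clock-skew window, constant-time comparison, and rejection of a code that has already been accepted (replay). The `TotpVerifier` name and its defaults are assumptions for this example.

```python
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits, algorithm)


class TotpVerifier:
    """Server-side second-factor check for one enrolled user (assumed class for this example)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1) -> None:
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter: Optional[int] = None   # highest time step already accepted

    def verify(self, code: str, unix_time: Optional[int] = None) -> bool:
        if unix_time is None:
            unix_time = int(time.time())
        if len(code) != self.digits or not code.isdigit():
            return False
        current = unix_time // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            if candidate < 0:
                continue
            if self.last_counter is not None and candidate <= self.last_counter:
                continue   # replay: this step, or an earlier one, was already used
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), code):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    # Constructed enrolment secret; the RFC 6238 reference vectors use this same 20-byte value.
    secret = b"12345678901234567890"
    verifier = TotpVerifier(secret, digits=8)
    code = totp(secret, 59, digits=8)
    print("code at t=59:", code)
    print("first use accepted:", verifier.verify(code, 59))
    print("replay accepted:   ", verifier.verify(code, 59))
```

Tracking the last accepted step is what turns a correct TOTP calculation into a usable verifier: without it, a code observed in transit remains valid for the whole window, which defeats the point of a one-time second factor.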
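The "Encryption Keys - unique per discrete dataset" row requires a distinct encryption key for each dataset. The following is an added example for this page, not code from the standard or from any Supplier Solution; it shows one way to satisfy the requirement by deriving each dataset's key from a master key with HKDF (RFC 5869), feeding the dataset identifier into the `info` input so that no two datasets share a key and the master key itself never encrypts data. The derivation label, the `dataset_key` function and the constructed dataset identifiers are assumptions for this example.

```python
import hashlib
import hmac
import secrets


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); an empty salt becomes HashLen zero bytes."""
    if not salt:
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and truncated."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("requested key length out of range")
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hash_name).digest()
        okm += block
        i += 1
    return okm[:length]


def dataset_key(master_key: bytes, dataset_id: str, length: int = 32) -> bytes:
    """Derive the data-encryption key for one discrete dataset (assumed helper for this example).

    The dataset identifier is bound into the HKDF `info` input, so distinct datasets get
    distinct keys and the same dataset always derives the same key. The label prefix is an
    assumption that separates this use of the master key from any other.
    """
    if not dataset_id:
        raise ValueError("dataset_id must be non-empty")
    info = b"dataset-encryption-key/v1/" + dataset_id.encode("utf-8")
    prk = hkdf_extract(b"", master_key)
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    master = secrets.token_bytes(32)          # constructed master key; keep in an HSM or KMS in practice
    for ds in ("archive-2023-q1", "archive-2023-q2"):   # constructed dataset identifiers
        print(ds, dataset_key(master, ds).hex())
```

The trade-off to note: deriving from one master key makes uniqueness per dataset a property of the derivation rather than of a key inventory, but it also means protection of the master key is the whole game; a Supplier using this pattern keeps the master key in a hardware-backed key store and derives dataset keys on demand rather than persisting them.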