This section describes how requirements may be assessed and provides background information to assist Suppliers

Requirement	Guidance
PCTIS01 Internet First	This will be assessed visually using one of the Supported Browsers by connecting to the application over the Public Internet and ensuring that the application presents an Extended Validation certificate from a trusted CA (Certificate Authority) with a minimum of a SHA-256 signature
PCTIS02 Public Cloud	Suppliers will need to provide evidence that they have followed NHS Digital's cloud risk framework guidelines, submit a WAF review report which they walkthrough responses with the assurance team
PCTIS03 Browser Based Applications	The application must work with all browsers stated in Spine technical information: Warranted Environment Specification (WES) - NHS Digital
PCTIS04 NHS Identity (CIS2)	Users must be able to authenticate using their credentials in CIS2 without the need for a separate identity in the application
PCTIS05 NHS login for Patient Authentication	Patients must be able to authenticate using their credentials in NHS login without the need for a separate identity in the application
PCTIS06 Modern User Experience	Suppliers must provide an independent 3rd party assessment report that shows how they have followed the NHS Design and usability standards and reports compliance against the WCAG 2.1 AA standard (targeting future compliance against WCAG 2.2 as it becomes finalised). These reports may then be uploaded to the Buying Catalogue.
PCTIS07 Open APIs	Any connectivity through to SDS, EPS, e-RS and PDS must be evidenced using the FHIR APIs below: SDS (Spine Directory Services) FHIR API Electronic Prescription Service (EPS) - using EPS FHIR API e-Referrals Service (e-RS) - using e-RS FHIR API Personal Demographics Service (PDS) - using PDS FHIR API
PCTIS08 NHS Development guidelines	Suppliers will need to demonstrate how they follow the engineering principles within the Software Engineering Quality Framework and how they review software engineering quality using the review tool within the framework. If Suppliers do not follow the framework guidance, they will be asked to demonstrate their own equivalent software engineering principles and quality review approaches.