Information Governance: MUST Requirements removed

All

GP-IG-5-7

Provision of online services - information protection

The technical architecture of the interface mechanism and any supporting infrastructure to satisfy the requirements in this document will:

• Satisfy the requirements of Data Security and Protection Toolkit or it’s equivalent successor

• Be subject to annual penetration testing as a minimum, or to coincide with significant Solution changes

• Continually incorporate best practice monitoring and intrusion-detection mechanisms

Must

All

GP-IG-14.1-4

Synchronise Internal Clocks - with HSCN Network DNS Servers

The Supplier to ensure that Solutions align to HSCN Network Time Protocol Guidance NHS Network Time Protocol guidance - NHS England Digital

Must

Information Governance: MUST Requirement added to Information Security

All

GP-IG-18-9

Penetration Testing

Penetration testing will be completed by a 3rd party CHECK / CREST accredited organisation before go-live and annually thereafter.

An action plan must be in place to mitigate any vulnerabilities identified in an appropriate timeframe.

MUST

Information Governance: GP-IG-9-1 updated

All

GP-IG-9-1

Data Labelling - hard-copy output

All Personal Data which are output to hard-copy by the Solution will be labelled "Official – Sensitive".

The requirements in this section are not intended to affect the printing specifications for prescriptions or dispensing tokens as specified by the Electronic Prescription Service (EPS) requirements, or for any other outputs that are subject to separate requirements.

SHOULD

Information Governance: Data Labelling context description added

The Requirements in this section are not intended to affect the printing specifications for Prescriptions or dispensing tokens as specified by the EPS Requirements, or for any other outputs that are subject to separate requirements.