This presentation is a part of the Redcentric N3 webcasts series. It provides an in-depth look into the process involved in connecting to the N3 network covering off a range of topics including the prerequisites for connecting, restrictions and how Redcentric can help.
2. • Commercial Aggregation
• What We Do
• Already Connected to N3?
• General Restrictions
• Prerequisites of Connecting
• HIGCAP
• HLCA
• AUP
• Post Approval
• Post Requirements
• Accreditations
AGENDA
3. • Redcentric is responsible for;
• Vetting
• Assuring
• Approving
applications to connect into N3 from third party organisations
• Redcentric will advise, help and support organisations through the strict process of
application and connection
COMMERCIAL AGGREGATION
4. • Save you time, cost and complexity
• Manage and take end-end ownership
• Provide expert guidance and support
• Provide all solution design work
• Assist in mitigating business gaps and short falls
• Provide a transition path into PSN-H
WHAT WE DO
5. • You can confirm if your organisation is already accredited to connect into N3 by visiting
the below link and choosing the appropriate area and organisation name.
https://www.igt.hscic.gov.uk/ReportsOrganisationChooser.aspx
ALREADY ACCREDITED TO
CONNECT?
6. • The use of the N3 network MUST be solely and specifically for the purposes set out in
the business justification
• Connections to the N3 network MUST only be provided to organisations with whom
Redcentric has a direct contractual relationship
• Redcentric MUST ensure that each connected party completes the IGT annually on or
before 31st March
• Redundant service provision or access for former customers MUST be withdrawn
promptly when no longer required
• Redcentric MUST perform audits of their connected customers to confirm compliance
with the assurance process on a regular (at least annual) basis
• No Person Identifiable Data may be viewed, stored or processed by any connected party
outside of the boundaries of England without the express written permission of HSCIC.
GENERAL RESTRICTIONS
7. • An organisation MUST have obtained a formal sponsor before beginning their application
• An organisation MUST have an appropriate business justification to connect into N3
• If applicable, an organisation must have obtained and evidenced either CAP or MSSP
accreditation if they wish to connect and interoperate with the NHS Spine
PREREQUISITES TO
ENGAGEMENT
8. • The HIGCAP Statement includes:
• The right to audit by Redcentric or a nominated 3rd party
• Requirement that no PID or other sensitive data be stored or processed offshore
• Change Control Notification Procedures and approvals process
• The requirements for reporting security events & Incidents
• The requirements for operating a formal security policy
• Wish to connect and interoperate with the NHS Spine
* An organisation is not permitted to deviate its use of N3 from the business
justification detailed within the HIGCAP
(HEALTHCARE INFORMATION GOVERNANCE CONNECTIVITY
ASSURANCE PROCESS)
HIGCAP
9. • The HLCA is required to support;
• The initial HIGCAP application
• Any changes to any of the infrastructure detailed within the current
approved HLCA
• Any new project or service (in-line with the Business Justification in
the HIGCAP)
(HEALTHCARE LOGICAL CONNECTION ARCHITECTURE)
HLCA
10. A completed HLCA will detail;
o The full description of the products and services being offered
o How PID is secured and controlled when in Transit, At Rest, Processed & Viewed
o How the LAN / WAN is deployed, configured, secured and maintained
o The full access control mechanisms including both logical and physical controls
o Remote access, WiFi and 3rd party network Integration (Internet)
o How patch management is maintained
o Your organisations security policy
o A full network topology
HLCA - CONT
11. Policy Documents making up the AUP
• AUP
• Security Policy
• HIGCAP
• HLCA
• Declaration
(ACCEPTABLE USE POLICY / CODE OF PRACTISE)
AUP
12. • Redcentric will obtain your ODS Codes and register you on the NHS register
• Redcentic will obtain your IGT login details
POST APPROVAL
13. • Annual Completion of the full Information Governance Toolkit
• Annual declaration of acceptance of use
• Notification of change of circumstances (Sponsor contract expiration for example)
POST REQUIREMENTS
14. • 12 Years N3 experience within NHS Supplier, Local / Central Healthcare Government
• An NHS Health & Social Care Accredited Commercial Aggregator (8GY91)
• An NHS Health & Social Care Compliant Commercial Third Party (8GY91)
• An NHS Health & Social Care Accredited Supplier of Services to the NHS (YGMAY)
• An NHS Health & Social Care Application Services Provider (YGMAR)
• An NHS Health & Social Care Accredited N3 Service Provider (0740)
• UK Rollout supporting Electronic Patient Services versions 1 & 2
• 100% Compliance Across All Government Assurance Levels
• Actively engaged within the PSN, PSNH and PSNAP programs
• Compliant with Cabinet Offices SPF, IA standards 1,2,4,5,6 & 7 and MoR
• Authorised to process HM Government data protectively marked as “Confidential”
• Participate within various Government and Healthcare committees
• Accredited to both ISO9001 and 27001 standards
• Adhere to PCI/DSS payment card standards
• Accredited to connect and supply services over the JANET academic network
OUR ACCREDITATIONS
15. • Commercial Aggregation
• What We Do
• Already Connected to N3?
• General Restrictions
• Prerequisites of Connecting
• HIGCAP
• HLCA
• AUP
• Post Approval
• Post Requirements
• Accreditations
SUMMARY