Standards_Catalogue.md

title	description	created	lastUpdated	author
Catalogue of IT Standards for NHS England	A list of the available standards.	2020-06-29	2024-03-19 03:18:03 -0700	Julian Knight

• Application Development Standards

  • Common Application Development Standards

    These apply to all development.

    • Accessibility
    • Authentication
    • Email Integration for Business Applications
    • Infrastructure
    • License and Copyright
    • Security
    • Testing

  • Business Applications Development

    Business applications are bespoke applications developed on corporate/business platforms and will typically use C#, C++, Visual Basic.net, SQL Server, etc. They may be hosted on-premise or in the cloud.

  • Platform Applications Development

    Platform development refers to developing systems and solutions on existing platforms such as Office 365 or Dynamics 365. It does not refer to cloud platforms such as Azure or AWS since these are infrastructure platforms rather than application platforms.

  • Web Applications Development

    Internet applications are mostly Internet facing, they may be public or private. They are developed using Internet standards such as HTML, CSS, JavaScript, etc.

  • Mobile Applications Development

    Development of applications for mobile devices (those running mobile operating systems such as Apple iOS and Google Android).

  • Desktop Applications Development

    Development of applications for desktop devices (those running desktop operating systems such as Apple MacOS and Microsoft Windows).

  • Dependency & Software Version Management

    Standards and guidance on managing software and service dependencies and version control.

• End User Compute (EUC) - desktop and mobile

  Standards covering all matters relating to end-user computing. Including devices, operating systems and applications. Both mobile and desktop.

  • Standards for Desktop EUC devices
  • Desktop Software
  • End User Email Services
  • Software Version Standards
  • User Types
  • Windows 10 Standard Applications

• Identity and Access Management

  Standards for identifying, authenticating and authorising people and systems. Note that this does not include the processes being used, only the standards.

  • As Is - How things are at the moment (prior to the implentation of the 2021 IDAM strategy)
  • People Database - Using the database of staff information

• Infrastructure - cloud and on-premise/data centre

  Standards covering all elements of infrastructure. This is defined as "back-end" hardware and software that supports business applications, networking, security, etc.

  • Cloud Infrastructure
  • Physical Infrastructure (On-Premise, Data-Centre)
  • Networks - Local and Wide-Area Networks (LAN, WAN)
  • Availability

• Security - Security and Privacy

  Standards related to security and privacy.

  • Cloud Apps & Services Guidance
  • Guidance for using Open Internet Tools
  • TLS Standards - How to properly use Transport Level Security

• Services - IT Service procurement and implementation

  • Procurement Requirements

• Other Applicable UK Government and NHS Standards

  All of the standards for NHS England are subject to both NHS and UK Government policies, strategies and standards, the key ones of which are listed here.

  • NHS Digital Service Manual - "Use the service manual to build consistent, usable services that put people first.​ Learn from the research and experience of other NHS teams."
  • Gov.uk Service Manual - "Helping teams to create and run great public services that meet the Service Standard". See also the Government Design Principles and the Gov.uk Design System.
  • Tech Code of Practice - A set of criteria to help government design, build and buy technology. It is a cross-government agreed standard used for the Cabinet Office spend control process and the Local Digital Declaration.
  • The UK Government Tech Vision - ‘Standards that meet user needs: we must be clear how these standards address the user needs of people who use health and care services, carers and families, as well as care professionals and commissioners.’
  • The NHS Long Term Plan - ‘Set standards that keep information secure and make sure NHS IT systems talk to each other to provide health and care staff with complete access to joined up patient records.’​
  • DSP Toolkit - "an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly."
  • Cyber Essentials Plus - "a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks." All NHS organisations are now required to be certified to CE+.
  • Government Functional Standard GovS 007: Security - "part of a suite of functional standards designed to promote consistent and coherent working within government organisations and across organisational boundaries."

  The OECD's Observatory of Public Sector Innovation (OPSI) also has a useful list of worldwide innovation tool-kits that include other governments takes on digital innovation and development.