-
MFA requirements (started)
-
API standards. Swagger/OpenAPI. See: https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design, https://nordicapis.com/how-to-manage-1000-specs-at-scale/, https://openapi.tools/, https://www.techtarget.com/searchapparchitecture/tip/How-to-improve-API-documentation-with-Swagger-and-OpenAPI, https://swagger.io/
-
Signing macros: https://future.nhs.uk/cybersecurity/messageshowthread?threadId=9444078
-
nhsx/open-source-policy: Open Source Policy development for the NHS (github.com)
-
Add Snyk secure software dev lifecycle (SSDLC) including diagram
-
Add EUC software version support standards
- Only currently supported versions of software and services are permitted.
- Only 1 version of any specific software or service will be deployed – Long-Term Support (LTS) versions will be used where available.
- Where multiple LTS versions exist, the latest version will not be used unless there is an overriding business reason. Where 3 or more LTS versions exist, the aim will be to be on the middle version.
- Patches and minor updates will be applied according to the agreed Cyber Security patching schedules. Urgent/security patches and updates are to be applied no later than 14d after release by the vendor. Where this is not possible due to business criticality, an exception must be obtained from the SIRO, according to the HSA guidelines.
-
Remove WeTransfer and Miro from block list
-
Technical standards - NHS Digital
DCB1605: Accessible Information https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dcb1605-accessible-information, NHS England » Accessible Information Standard
-
Add a clinical systems standards page? Ref1.
e.g. model care record: For health and care practitioners to integrate their working practice, they will need to maintain care records fit to share with other practitioners, carers and the people receiving their care. While each IT system maintains its own physical data store, there is increasing consistency in how records are maintained. Organisations including the National Institute for Health and Care Excellence (NICE), the Professional Record Standards Body (PRSB) and the Royal Colleges have described business requirements for care records. These follow the approach adopted in ISO 13606-1 and its derivative reference model from the openEHR foundation. The structure was adopted in the design of the HL7 V3 GP2GP specifications. The model care record will follow this approach, selecting either ISO 13606-1 or openEHR following consultation with wider stakeholders. SNOMED CT, ICD-11, a procedure-based classification (PBC), Unified Test List (UTL), dm+d, HL7 FHIR
-
Add new section on standards for AI/ML (Systems Intelligence)
Possibly just a blank for now.