Giter Site home page Giter Site logo

nhsengland / it-standards Goto Github PK

View Code? Open in Web Editor NEW
10.0 9.0 9.0 355 KB

IT Standards for NHS England. Documented in markdown and managed as code.

Home Page: https://nhsengland.github.io/it-standards/

License: Other

HTML 100.00%
health uk-government it standards nhs nhs-improvement standards-catalogue nhs-england subject-matter-experts

it-standards's Introduction

NHS England IT Standards

IT Standards for NHS England. Documented in markdown and managed as code.

Out standards are built based on other standards and policies across the UK Government and Health sectors.

The UK Government Tech Vision - ‘Standards that meet user needs: we must be clear how these standards address the user needs of people who use health and care services, carers and families, as well as care professionals and commissioners.’

The NHS Long Term Plan - ‘Set standards that keep information secure and make sure NHS IT systems talk to each other to provide health and care staff with complete access to joined up patient records.’​

Standards Catalogue

Standards Catalogue - A catalogue of the standards in this repository.

To Do

Standards that are known to need to be added but time and resources have not yet caught up, they are documented in the TODO document.

Contributing

If you would like to contribute to these standards, please raise an Issue in the first instance.

Contributions will be accepted via Pull Request (PR). Direct contributors should create a "topic branch" in this repository, make changes there and then submit a PR to get the changes approved and accepted into the master branch which will always be the "current" published version.

Non-direct contributors should create a fork of this repository, make changes and submit a PR.

Minor changes will be reviewed by the main owners of this repository. Major changes to standards will be reviewed initially by the NHS England joint Technical Design Authority. Detailed reviews and further discussions may then be allocated to subject matter experts as required.

Formatting and Structure

All standards published in this repository will be written in GitHub Flavoured Markdown.

Folders, naming standards, reference numbers and other structural standards are yet to be agreed.

Tools

To add/amend standards in this repository, see the Contributing section above.

Devices being used to make amendments will need Git installed.

Standard development type tools can be used to manage the change process. Many people will have a favourite code editor that supports Markdown such as Microsoft Visual Studio Code (which is free for all use and available on different platforms). VS Code has a number of extensions that support management of GitHub repositories.

For anyone who wants something more visual than a text editor, Typora is recommended. Typora provides a visual editor (WYSIWYG) making edits much easier for non-coders.

Copyright and License

Unless otherwise specified, all content in this repository and any copies are subject to Crown Copyright under the Open Government License v3.

Any code is dual licensed under the MIT license and the Open Government License v3.

Any new work added to this repository must conform to the conditions of these licenses. In particular this means that this project may not depend on GPL-licensed or AGPL-licensed libraries, as these would violate the terms of those libraries' licenses.

it-standards's People

Contributors

craig-shenton avatar simplybenuk avatar totallyinformation avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

pollyannajones frigus02 tubbz-alt nhsland uk-gov-mirror mark-cisw lighterny pdbeckwith samhollings

it-standards's Issues

Proposal for New Standard: Development Standards

Proposed name/title

Development Standards

Purpose and description

Document the core standards to be applied to any bespoke development undertaken by E&I.

The purpose being to align as much development work as possible to common, open standards; set minimum requirements; improve knowledge and skills across all teams so adding value to staff; ensuring internal discoverability of systems, specifications and documentation.

See Application-Development/READM for an overview of expected content.

Information domain this standard would relate to

All bespoke development undertaken by and on behalf of NHS England and NHS Improvement.

This is very likely to result in multiple standards being written. It may also require variations to cover specific development domains (e.g. Mobile).

Existing related standards?

None, though some teams have already been asked to contribute. FutureNHS may have some documented that can be referenced.

References to related external standards

  • GDS (UK Govt Cabinet Office), and NHS Digital Design Manuals
  • NCSC security standards and guidance
  • Open Standards (and Open Source where possible)
  • FutureNHS v2 documentation

Proposal for New Standard: Identity and Access Management - Okta

Proposed name/title

Identity and Access Management - Okta

Purpose and description

Define how and when Okta is to be used for Identity and Access Management (IDAM).

Okta is the standard platform for systems and services wanting to control login identities for external (e.g. not corporate) users. Current use is outlined below. Note that any corporate (internal) users who have Okta accounts are treated the same way as external users, no identity assurance is provided. IDAM for internal users is provided by Azure AD.

Standards for the use of Okta will be documented and will include the fact that the current instance of Okta:
• Is configured to only provide identities for authentication (not authorisation).
• Identities are currently managed via the enterprise layer not directly in Okta.
• Current identities have minimal identity assurance – if applications require identity assurance, they must provide that within their own applications or contact CISW to talk about other options.
• Is currently designed primarily for non-corporate users (there is no identity management of corporate users/staff/contractors).
• Some identity requests are auto-approved by pre-approving email domains – again, this does not provide any but the most minimal identity assurance.
• The Okta platform is owned and operated (including configuration and licensing) on behalf of NHS E&I by CISW.
Requests for Okta use outside this current configuration will most certainly be considered and there are various ways more complex scenarios can be set up and even integrated with the current ID’s.

Information domain this standard would relate to

e.g. Web development, corporate system development, infrastructure design, IT procurement, IT architecture, operations, service management, cyber security, ...

Existing related standards?

What existing standards are there that relate to this proposal?

References to related external standards

Is this proposal based on another standard? e.g. GDS, NHS Digital, NCSC, Industry standard?
List any relevant related standards or other information here along with links.

Proposal for Change: Guidance for using Open Internet Tools

Name of and link to existing standard this proposal relates to

Guidance for using Open Internet Tools

Purpose and description of proposed change

Think it needs to list all the approved OITs.
The checklist doesn't refer at all to cyber security, but then there's that last section that seems to suggest you need cyber approval to use one.

Existing related standards?

References to related external standards

MOJs approved list https://ministryofjustice.github.io/security-guidance/general-user-video-and-messaging-apps-guidance/#approved-tools

Proposal for New Standard: Disaster Recovery & Resillience

Standards around Disaster Recovery and Resilience standards

Purpose and description

The disaster recovery and resilience standards would set create a common set of expectations for NHS England applications, both internally developed and procured. Agreeing these in advance should speed up and help procuring applications alongside our expectations of platforms being built internally.

Information domain this standard would relate to

  • Web development
  • Corporate system development
  • Infrastructure design
  • IT procurement
  • IT architecture
  • Operations
  • Service management
  • Cyber security

Existing related standards?

  • Infrastructure
  • Application Development
  • Security

References to related external standards

Proposal for New Standard: Web Site Standards

Proposed name/title

Standards for Websites

Purpose and description

Why would this standard be useful? What might be its scope? Who and what systems/services might be impacted by it?
Details the basic requirements for any website owned and operated by or on-behlaf of NHS England, or NHS Improvement.

Any team or organisation setting up or running websites for or on-behalf of NHSE&I must use these standards as a minimum.

Information domain this standard would relate to

Web development, corporate system development, infrastructure design, IT procurement, IT operations, service management, cyber security.

Existing related standards?

  • IDAM

References to related external standards

NHS, NCSC and NIST standards for web sites.

Proposal for New Standard: Software & Content License

Proposed name/title

Software & Content Licensing

Purpose and description

To recommend a standard way in which NHS software code and content should be licensed. This will also help during procurement phases. Existing software that does not conform to these standards could be identified as exceptions. The GDS way use the following which I feel would be sensible to replicate:

Unless stated otherwise, the codebase is released under the MIT License. This covers both the codebase and any sample code in the documentation.

The documentation is © Crown copyright and available under the terms of the Open Government 3.0 licence.

Information domain this standard would relate to

Not sure, this is quite over reaching.

Existing related standards?

None listed in the standards catalogue, but does relate to the git repo license

References to related external standards

This is proposed based on the existing GDS-Way licensing

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.