Skip to main content

Our risk-based assurance framework

NHS Digital’s risk-based assurance framework is designed to support requestors through the product life cycle of design, build and test. A requestor can be an NHS supplier, NHS programme or NHS trust.

Page contents

The requestor journey through quality and risk based assessment to develop an assurance approach for the work.

Image description

Image describes the requestor journey through quality and risk based assessment to develop an assurance approach for the work.

Customers requesting support from Solution Assurance will follow one of two workflows.

  1. Customers undergo a quality assessment of their systems to determine a quality maturity score. They then conduct a risk based assessment which informs the design of a tailored risk based approach.
  2. Customers release an impact statement. This may, optionally, be followed by a quality maturity score. They then conduct a risk based assessment which informs the design of a tailored risk based approach.

Our aim is to produce a tailored risk mitigation plan for each software implementation, based on your quality maturity and how critical each new and subsequent product release is to the NHS (and in relation to other existing systems and processes.)

The quality maturity scoring is based on the systems and processes your service has in place and how well they adhere to industry standards and certifications. This includes the two mandatory clinical safety standards DCB0129 and DCB0160. This score is then used to weight the tracking of risks associated with the systems and applications you deploy.

Risks associated with products include:

  • clinical hazards
  • data integrity and security
  • integration with other systems
  • technical risks within each product or application

The Framework enables Solution Assurance to deploy resources to support you when developing your test and quality processes. If your systems and processes are more mature you can confidently be left to manage all but the most significant risks.

The Framework benefits NHS Digital suppliers and programmes by:

  • providing guidance on NHS Digital standards
  • helping to build quality measurement into the product lifecycle from the early stages
  • setting expectations about dependencies and responsibilities
  • setting clear timescales to inform planning
  • incentivising quality maturity
  • providing a full audit trail of risks and approvals

Solution Assurance maintain a Compliance Catalogue which identifies all vendors and products that have been awarded Milestone Achievement Certificates during the assurance process.

Further information

internal Solution Assurance

We enable the development of safe, secure and effective health and social care technology.

internal Solution Assurance teams

Our teams are divided into multi-disciplinary cells which represent a wide variety of test and assurance skills such as functional, non-functional, data processing and tooling development.

internal Compliance Catalogue

The Compliance Catalogue identifies all vendors and products that have been awarded Milestone Achievement Certificates.

Last edited: 2 October 2020 10:43 am