Skip to main content

Digital

Supply chain charter form

Complete this form to declare your commitment to the cyber security supply chain charter.

About this form

As valued partners to the NHS, it's important to us that we work together and defend as one.

We're asking you to ensure, where reasonably necessary (for example, if your service to an NHS organisation supports clinical systems or involves processing, including storage, of confidential information), that you declare your commitment to the supply chain charter.

Your organisation
You have authority to make a public declaration on behalf of the organisation *
Supply chain charter declaration
Commitment 1: Your systems are kept in support and you have the latest patches applied to address known vulnerabilities *
Commitment 1: You pay attention to medium and high severity vulnerabilities that are published on NHS England's cyber alerts pages *
Commitment 2: You complete the Data Security Protection Toolkit *
Commitment 2: You have achieved at least the level of 'Standards Met' as part of the DSPT
Commitment 2: What cyber security standard have you met?
Tick all that apply
Commitment 3: You have applied Multi-Factor Authentication (MFA) to your networks and systems *
Commitment 3: To support your customers to meet NHS England's MFA policy, you have supported identity federation or made MFA functionality available on the products that you provide *
Commitment 4: You have deployed effective 24/7 cyber monitoring and logging of your critical IT infrastructure to prevent and detect cyber-attacks, which will allow investigation in the event of an incident *
Commitment 5: You have ensured that you have immutable backups of your critical business data *
Commitment 5: You have tested your plans to ensure you can offer business continuity and rapid recovery of essential IT *
Commitment 5: You also have immutable backups of your products to ensure the continued provision of the systems and services that you provide *
Commitment 6: You have undertaken board level exercising to ensure you are confident of your ability to respond in the event of a cyber attack *
Commitment 7: You will report to your customers in a timely manner, adhering to (and supporting customers to adhere to) all regulatory requirements, and work collaboratively, openly and in partnership with NHS England in the event of discovering a cyber attack affecting patient care or data *
Commitment 8: Where providing software to the NHS, you agree that the software has been produced in adherence to the Department for Science, Innovation and Technology (DSIT) / National Cyber Security Centre (NCSC) software code of practice and commit to meeting the principles of secure design and development, secure build environment, secure deployment and maintenance and communication with customers *
Closing section