Put your software live

Once you've completed assurance, you can put your software live.

In this step you'll:

• submit your configuration details for the production environment
• go live with your software
• handle any changes that may occur once you're live

The configuration for your production environment should replicate your INT configuration and needs to include the following:

• Production Redirection URIs
• Production Backchannel Logout URI
• Security pattern used (Client Secret or Private Key JWT)
• JWKS endpoint URI (only required for Private Key JWT)
• Token Endpoint Signing Algorithm (only required for Private Key JWT)
• If userinfo responses should be signed, including signing algorithm to be used

Double check all the URIs are formatted correctly.

Once you've submitted your configuration to us, please allow a minimum of 2 weeks for us to deploy it and resolve any issues.

You've completed your conformance, demonstrated adherence to the required standards, signed the Connection Agreement and submitted your live config. Your service can now go live.

Health and care professionals can now access your clinical information system conveniently, securely and reliably.

End user organisation preparation

The vast majority of care settings are already set up to use CIS and either have their own, or have access to, a Registration Authority to manage user access.

If you're intending to use your application in an organisation that doesn't currently use CIS, they'll need to prepare for CIS. You might want to send them our guidance for end user organisations.

Next steps

We will ensure your handover to live services for ongoing support is as smooth as possible. There are some things to consider to make sure you stay compliant while in live.

As you continually improve and change your system you will need to stay compliant. This typically means submitting updated responses to the conformance questions in the digital onboarding service.

You'll be asked to re-submit updated responses, even when live, if:

• you change how your service works
• we change how compliance is met

As we make updates and improvements to NHS CIS2 Authentication, we'll contact you with information about upcoming releases and how you might be affected.

NHS CIS2 Authentication change and release process

We are continually assessing our service and looking to improve it in line with security standards, updated compliance and identified user needs. We typically release an update once a month that contains new features and improvements.

We publish all past and future release information and will email you with information about upcoming releases with plenty of notice.

We aim to make releases non-breaking and they normally are. Breaking changes are rare and will be clearly identifiable. We'll work with you to help you understand what changes are breaking and what needs to be done to ensure your application continues to work.