Skip to main content

Care Identity Service for end user organisations

How health and social care organisations should prepare to start using Care Identity Service, including how to choose which authenticators to allow their clinical staff to use to log in, and how to get Registration Authority support.

Page contents

Overview

Care Identity Service (CIS) is a national sign in (authentication) service that allows health and social care workers to access the systems they need securely.

If your organisation uses NHS or commercial software applications that are CIS-enabled, you'll need to set up your organisation to support CIS.

There are 3 activities you'll need to do:

  • find a Registration Authority
  • choose which authenticator(s) you’ll support
  • train your technical support staff

Find a Registration Authority

A Registration Authority is an administrative function that manages user access to CIS. It can be a team or an individual.

It includes things like:

  • registering new users
  • setting up role-based access permissions
  • issuing smartcards
  • unlocking smartcards – although there is a self-service option

Read more about what a Registration Authority does.

If you're an organisation that requires Registration Authority support

There are certain requirements you'll need to meet. You'll need to contact your local Integrated Care Board (ICB) or Commissioning Support Unit (CSU) to discuss the process. Find primary care service provider contact details.

Depending on the type and location of your organisation, Registration Authority support might be provided directly by your ICB or CSU. If they are not able to support your request, please email [email protected] with details of what you need and what action you've taken so far.

Whoever provides you with Registration Authority support, you might have to pay for it.

Choose authenticators

Authenticators are the different methods you can use to sign in using CIS.

Your choice of authenticators is limited by which applications you use:

  • some applications use our legacy CIS1 product and only support smartcards via HSCN
  • some applications use CIS2, need assurance level AAL3 (‘very high’), and are limited to using our strongest authenticators
  • some applications use CIS2, only need assurance level AAL2 ('high'), and can be used with all our authenticators

Some authenticators also need special hardware or software, which you’ll need to buy or install.

For more details, see Care Identity Service authenticators.

Train your technical support staff

CIS has specific hardware and software requirements, so you’ll need to train your technical support team to do things like:

  • set up a workstation
  • troubleshoot issues
  • keep up to date with any changes to hardware and software requirements

This applies whether your IT support team are in-house or outsourced.

For more details, see our online guidance for technical support staff.

Last edited: 18 February 2026 1:42 pm