Latest Posts

Latest Comments


Understanding the realities of N3 accreditation


Posted by |

A few months ago I posted a blog highlighting Redcentric’s grant of aggregator status for the N3 network and how that was great news for Independent Software Vendors looking to engage with the NHS. I spoke then of how we could effectively turbo-charge the N3 connectivity journey for ISVs and what leveraging our status, know-how and infrastructure meant in practice: “You short-cut the usual health hoopla, the detailed and extensive due diligence required by a supplier to ensure it can match the security and information governance requirements mandated by the Department of Health.”

It’s a subject I want to return to now as in the intervening months, I’ve met with a good number of ISVs and there is still a degree of confusion about just what is involved in connecting into N3. Using Redcentric is not a free pass as there is still a process, still scrutiny, but it is a very much easier road than going it alone, and it is hard to think of a reason why you would when such an expeditious alternative exists.

Just think about it for a moment. ISVs do not qualify for easy and unrestricted access into N3 as they are not centrally funded by the NHS. They are classed as providers to the NHS only, so they have to go through all the relevant application processes to gain access to the N3 network prior to being able to offer their services. The reality is that that could be up to five application processes, all complex and all mandatory for completion prior to N3 accreditation being granted. Most ISVs have no idea what those processes are and what they demand so have no way to prepare for them. Many walk away before they’ve even begun.

If they do choose to start down that road, they are invariably brought up short very quickly by the lack of specialist Information Assurance (IA) and Information Governance (IG) expertise available to them. There is a very limited supply of the requisite skills sets in the marketplace to assist them, and if they are located, then the cost of completing IA/IG correctly in an acceptable timeframe is considerable. And it goes on, with numerous qualifications, standards and controls having to be evidenced (I liken it to ISO27001 on steroids) which just piles pressure on pressure. The reality is that only the largest of businesses have the degree of experience, skill and resource to have a crack at it. And even for them, there is no getting away from the fact that connecting to N3 is time-consuming, costly, complicated, onerous and all subject to UK law. Ah yes, the law. There’s something very important about the legalities: if IA/IG is not completed correctly, penalties can be levied, and we’re talking about the prison and large fine type of sanction: up to five years in prison for the accounting officer(s) and £0.5m fines, although in extreme circumstances these can be unlimited. And you can wave goodbye to ever being an NHS supplier or indeed a Government supplier in the future.

Reputational or financial damage alone can close a business; both on this scale, together with the loss of a hugely lucrative market for good, would condemn a lot more.

And as I said earlier, it’s hard to see why you’d opt for the high stress, high risk, high cost route when there is a smoother, quicker, cheaper path that will get you to your destination directly. Redcentric has the skills, resources and time; Redcentric provides the assurance that all information governance and security regulations are being met; and Redcentric takes ownership of your whole N3 journey end-to-end.

As more ISVs look to engage with the NHS, they need to be aware of the reality of N3 connectivity and accreditation – going it alone can be brutal. And why would you when there’s a painless alternative available right now?



Post a comment

Comment submitted! Comments needs approval before being displayed.