Index of documents supporting the Grant of Approval to NHS Connecting for Health's Root CA Service.

1. What the tScheme Approved Service Mark signifies.
2. Approved Service - Service Description
3. Approval Profiles used in the assessment:
   

   Base Approval Profile	tSd0111	3.00
   Approval Profile for Certificate Generation	tSd0104	3.01
   Approval Profile for Certificate Dissemination	tSd0105	3.01
   Approval Profile for Certificate Status Management	tSd0106	3.01

Back to Grant details

---

What the tScheme Approved Service Mark signifies

When a trust service carries the tScheme Mark, you can be secure in the knowledge that:

• the service has been thoroughly evaluated against rigorous criteria by independent experts;
  
  
• the service provider has agreed to keep to these criteria;
  
  
• the service provider subscribes to the tScheme Code of Conduct;
  
  
• the service provider has agreed to act promptly and fairly to remedy faults.
  
  

For each service, tScheme approval is regularly reviewed and may be withdrawn.

This Grant of Approval does not affirm or endorse any claims of conformance to standards or adherence to guidelines not explicitly listed as forming part of the service assessment.

top

---

Approved Service - Service Description

The Approved service relates to the NHS Connecting for Health (NHS CFH) Root Certificate Authority for the NHS Public Key Infrastructure. The NHS PKI is controlled by NHS CFH, which operates a Policy Management Authority (PMA) to define and control the service.

The NHS Root Certificate Authority (designated Level 0) issues Digital Certificates only to Subordinate Certificate Authorities (designated Level 1) operating under the NHS Root CA. NHS Connecting for Health has full control over the Root CA, all Level 1 CAs and subordinate components that form part of the NHS PKI are under control and management by NHS CFH a via the NHS Policy Management Authority. Components of the PKI are operated and managed by NHS CFH service provision partners and organisations within the NHS.

The NHS Root CA is designed to satisfy the requirements the Department of Heath and acts as the core of the NHS certification trust infrastructure. The NHS Root Certificate Authority the PKI supports the NHS CFH Information Governance strategy to ensure necessary safeguards for, and appropriate use of, patient and personal information and forms part of CFH’s delivery of computer systems and services that improve how patient information is stored and accessed.

top

---

The tScheme Code of Conduct

Participants in the electronic trust services industry strive:

• to act in an honest, fair, reasonable and trustworthy manner;
  
  
• not to bring electronic trust services into disrepute;
  
  
• to provide clear information about what each electronic trust service provides, including limitations and exclusions, to those who rely on that service;
  
  
• to meet service commitments and obligations;
  
  
• to be proactive in identifying and correcting faults and deficiencies in electronic trust services;
  
  
• to operate in accordance with appropriate standards;
  
  
• to act promptly in resolving complaints relating to electronic trust services.

top