Transformation Directorate


Standards and guidelines

Before going live with RPA solutions, there are a series of standards that must be complied with.

Clinical safety standards

The clinical safety standards define the requirements and criteria which must be adhered to in order to assure the clinical safety of all IT software, as well as the implementation guidance for achieving the requirements.

Clinical Risk Management Standards

DCB0129: Clinical Risk Management

DCB0160: Clinical Risk Management

Action required: Perform clinical risk management assessment.

Cyber security

The National cyber security centre (NCSC) cloud security guidance highlights details of cloud security principles and provides guidance on how to configure, implement and use cloud services securely.

Action required: Consider principles.

Data security

The National Cyber Security Centre (NCSC) bulk data principles provides good practice and guidance for understanding how to manage and protect bulk data which is held digitally.

Action required: Consider good practice.

A data protection impact assessment (DPIA) provides a step-by-step guide to help identify risk associated with data and mitigate against them.

Action required: Complete DPIA assessment.

An online self-assessment tool is to be used by all organisations that have access to NHS patient data and systems to assess their performance National Data Guardian’s data security standards and provide assurance that they are compliant with data security standards.

Action required: Complete self-assessment.

Interoperability usability and accessibility

Digital technology assessment criteria (DTAC) provides an assurance that all digital health tools used meet the defined clinical safety and technical standards.

Action required: Check and complete (where applicable).

RPA as a medical device

The medical device standards and regulations define a series of recommended processes for the development, deployment and certification of medical devices and related services.

Action required: Check and complete (where applicable).

Screen scraping

Streamlining authentication guidance provides guidance for clinicians and remote smart card registration – emergency guidance for registration authorities.

Action required: Follow NHS national RA policy.