NHS England - Transformation Directorate

Procurement Framework Strategy recommendations

Guidance for trusts when buying digital and IT goods and services in the NHS

29 March 2022

NHS England has developed guidance to help simplify the digital and IT framework landscape, remove duplication, and reduce costs.

We have recommended which framework agreements should be used by NHS buyers when buying digital and IT goods and services.

Framework agreements are the most common way of buying digital products in the NHS. They enable buyers to place orders without running a lengthy full tendering exercise and to draw from a predetermined list of accredited vendors. It also means that buyers do not have to approach all vendors in the market, and should, as a result, make the buying process easier and more cost effective.

However, there are often multiple framework agreements to choose from for similar products or services, which can make the procurement process more complicated for both buyers and vendors to navigate. It can lead to buyers being unclear on the appropriate framework to use for their requirement; vendors applying to multiple framework agreements for the same things which can be both expensive and time-consuming; and buyers not always being reassured that the vendors on framework agreements meet the minimum standards that they expect.

We have developed a ‘6 pillar’ approach as a simple yet intuitive way to sub-categorise the varied digital landscape, grouped based on commonality of requirements and functionalities and supplier market capabilities. We have then mapped all the current framework routes to market for buying digital and IT against these and completed a comprehensive further analysis against key commercial criteria. We have engaged with framework providers, buyers and vendor stakeholder groups to understand current risks and challenges and have reflected these in our analysis of the quality of frameworks.

This has resulted in endorsement of 36 of the 57 frameworks currently used for procuring digital and IT, as the most optimal routes to market. This list ensures full market coverage in terms of the current products and services on offer.

We will continue to work with framework providers to ensure these frameworks are the most appropriate to use at all times and where necessary, support new or modified routes to market to replace any current frameworks that do not continue to meet required criteria.

The endorsed framework agreements are categorised into 6 ‘pillars’ according to the category of product that they offer in order to help make it easier for buyers to find the right framework agreement for what they need to buy. Individual pillar descriptions can be found below.

The key technical, data and digital standards have also been aligned to each pillar. As per standard procurement process, to be accepted onto a framework agreement, vendors must meet these standards aligned to the appropriate pillar(s) as a minimum. This will provide assurance to buyers that vendors meet the minimum standards that they expect. Further details on these standards can be found below.

Recommended routes to market for digital and IT spend across the NHS

We recommend trusts use the following 36 framework agreements:

Pillar 1 – Hardware – Clinical
  • NOECPC: Link 3 IT Hardware and Services
  • SBS: Digital Workplace: Hardware
Pillar 2 – Hardware – Non-clinical
  • CCS: Network Services 2 RM3808
  • CCS: Spark DPS RM6094
  • CCS: Technology Online Purchasing Content RM6147
  • CCS: Technology Products & Associated Services RM6068
  • LPP: Information Management & Technology
  • NHS Commercial Solutions: Digital Dictation and Outsourced Transcription Services
  • NHS Commercial Solutions: Patient Healthcare Communications and Related IT Services
  • NOECPC: IT Enterprise Solutions
  • NOECPC: Link 3 IT Hardware and Services
  • SBS: Digital Workplace: Hardware
Pillar 3 – Software/SaaS/Apps – Clinical
  • CCS: AI DPS RM6200
  • LPP: Clinical Digital Solutions
  • LPP: Health and Social Care Apps DPS
  • NHSD: GP IT Futures
  • NHSE: HSSF
Pillar 4 – Software/SaaS/Apps – Non-clinical
  • CCS: AI DPS RM6200
  • CCS: Automation Marketplace DPS RM6173
  • CCS: Back Office Software RM6194
  • CCS: Data and Application Solutions RM3821
  • CCS: G Cloud 12 RM1557.12
  • CCS: Network Services 2 RM3808
  • CCS: Spark DPS RM6094
  • CCS: Technology Online Purchasing Content RM6147
  • CCS: Technology Products & Associated Services RM6068
  • LPP: Clinical Digital Solutions
  • LPP: Information Management & Technology
  • NHS Commercial Solutions: Digital Dictation and Outsourced Transcription Services
  • NHS Commercial Solutions: Patient Healthcare Communications and Related IT Services
  • NHSE: HSSF
  • NOECPC: Health Care Performance Analytics and Benchmarking Systems
  • NOECPC: IT Enterprise Solutions
Pillar 5 – Services – Clinical
  • CCS: AI DPS RM6200
  • CCS: Spark DPS RM6094
Pillar 6 – Services/IaaS/PaaS – Non-clinical

6a. Network and Hosting

  • CCS: Cloud Compute RM6111
  • CCS: Crown Hosting RM1069
  • CCS: G Cloud 12 RM1557.12
  • CCS: Gigabit Capable Connectivity DPS RM6095
  • CCS: HSCN Access Services DPS RM3825
  • CCS: Network Services 2 RM3808
  • CCS: PSN Core Services RM6167
  • CCS: Quality Assurance & Test IT Systems 2 RM6148
  • LPP: Information Management & Technology
  • NOECPC: IT Enterprise Solutions

6b. Complementary Technology Solutions

  • CCS: AI DPS RM6200
  • CCS: Automation Marketplace DPS RM6173
  • CCS: Cyber Security Services 3 RM3764.3
  • CCS: Data and Application Solutions RM3821
  • CCS: Digital Capability for Health RM6221
  • CCS: Digital Inclusion and Support DPS RM6209
  • CCS: Software Design and Implementation Services RM6193
  • CCS: Technology Online Purchasing Content RM6147
  • CCS: Technology Products & Associated Services RM6068
  • CCS: Technology Services 3 RM6100
  • LPP: Digital Documents Solutions
  • NHS Commercial Solutions: Digital Dictation and Outsourced Transcription Services
  • NHS Commercial Solutions: Patient Healthcare Communications and Related IT Services
  • NHSE: HSSF

6c. Professional Services and Consultancy

  • CCS: Audio Visual Technical Consultancy and Commissioning DPS RM6225
  • CCS: Digital Outcomes and Specialists 5 RM1043.7
  • CCS: G Cloud 12 RM1557.12
  • LPP: Clinical Digital Professional Solutions
  • LPP: Clinical Digital Solutions
  • LPP: OneLondon Local Health and Care Record DPS
  • NOECPC: ICT Solutions Delivery

Expected commercial adherence

Buyers in the NHS should use these framework agreements for all digital buying. This will support and encourage both commercial best practice and innovation in the market and help reduce unnecessary transaction costs.

Use of non-endorsed routes will also ordinarily preclude trusts or other buying organisations accessing shared or central funding for the services in question. Any increased risks of supplier performance or unwarranted costs incurred as a result of using non- endorsed routes would be the sole responsibility of the individual buying organisations.

We will give buyers all they need in terms of central support and guidance to enable buying through the recommended routes. The Digital Category Strategy and Policy Hub will be the first point of contact as we develop the support model further.

NHS buying organisations are reminded that it is their responsibility to ensure they are complying with the Public Contracts Regulations 2015 where they are applicable. Where buyers choose not to use one of the endorsed framework agreements, they should provide a rationale for that decision. This input will be used to constantly refine and improve our recommendations in line with user needs.

Vendors will be expected to show that they meet the relevant minimum standards required to be on any of the endorsed frameworks going forward. This will make vendor capabilities clear to buyers.

Framework providers are expected to follow the six-pillar approach and make sure that the vendors on their framework agreements meet the minimum standards at all times.

Pillar descriptions

Pillar 1 – Hardware – Clinical

Tangible hardware items, that may be governed by MHRA Regulations and can only be used in a specific clinical setting, use case or environment. Such as, but not limited to, All in One Medical Computers/Theatre Consoles, Radiology Workstations and biometric medical items which are not included within a medical/clinical device category (covered by MHRA & NICE). Irrespective of whether procured as assets or subscribed Device as a Service (DaaS).

Pillar 2 – Hardware – Non-clinical

Tangible hardware items, which can be used in any setting, sector or use case and are not covered by MHRA Regulations. Such as, but not limited to, End User Computing and Mobile/Tablet Devices and Peripherals, Printers/Multi-Function Devices, Physical Servers and Physical Networking Equipment, Wireless Access Points and Controllers, Smart Screens and White Boards, Reception Consoles, and Information Screens. Irrespective of whether procured as assets or subscribed Device as a Service (DaaS).

Pillar 3 – Software/SaaS/Apps – Clinical

Software solutions, applications or Mobile Apps used in patient care in any setting/sector, including any system of record which may contain elements or all of a patient’s record, consultation notes, treatment plan and prescriptions. Whether procured as remotely/Cloud hosted, On Prem, licensed or Software as a Service (SaaS).

Pillar 4 – Software/SaaS/Apps – Non-clinical

Software solutions, whether procured as licences or Software as a Service, that can be used across a range of Non-Clinical or Back Office settings, such as Finance or Procurement, HR, Payroll, Information Governance and Risk, Legal Services or IT Services Management Systems and Business Intelligence or Analytical. Also includes Robotic Process Automation (RPA), Digital Dictation or Transcription Services, and other applications and mobile Apps which may support the utilisation of the software solutions used in this Pillar. Whether procured as remotely/Cloud hosted, On Prem, licensed or Software as a Service (SaaS).

Pillar 5 – Services – Clinical

Electronic assistive technologies (EAT) such as for environmental control systems and alternative means of access for complex disabilities; alarm technologies and services that support remote monitoring, enable supported living, e.g., fall monitoring; continuous monitoring services to enable clinical diagnosis of patients at home; scheduled and on demand remote services to manage and control chronic illness (TeleHealth, TeleConsultation); medicine optimisation services.

Pillar 6 – Services/IaaS/PaaS – Non-clinical

6a. Network and Hosting

Intangible solutions such as, but not limited to, mobile data, networking, cloud hosting, Infrastructure as a Service (Iaas), Platform as a Service (PaaS), telephony lines.

6b. Complimentary Technology Solutions

Intangible solutions such as, but not limited to, Cyber Security or Penetration Testing Services, Data Analysis or Business Intelligence Services, Technical Support or Data Migration Services.

6c. Professional Services and Consultancy

Professional services specifically regarding Digital and Technology (excluding Project Management or Temporary Staffing which falls under Workforce Category) technical consultancy and advice.

Minimum standards applicable for each pillar*

Pillar 1 – Hardware – Clinical
  • MHRA Compliant
  • Ethical / Sustainable Standard Compliant (TBC)
  • Current OS “N” minus One Compliant
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited
Pillar 2 – Hardware – Non-clinical
  • Ethical / Sustainable Standard Complaint (TBC)
  • Current OS “N” minus One Compliant
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited
Pillar 3 – Software/SaaS/Apps – Clinical
  • NHS Number as core data record
  • Web based User Interface
  • GDPR Compliant
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited
  • Cloud Native with UK based hosting location(s)
  • Open APIs
  • HL7 Compliant
  • FHIR Standard Compliant
  • DCB0129 Compliant
  • SNOMED CT and/or ICD10 Compliant (TBC)
Pillar 4 – Software/SaaS/Apps – Non-clinical
  • GDPR Compliant
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited
  • Cloud Native with UK based hosting location(s)
  • Open APIs
  • HL7 Compliant
Pillar 5 – Services – Clinical
  • Ethical / Sustainable Standard Compliant (TBC)
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited
Pillar 6 – Services/IaaS/PaaS – Non-clinical

6a. Network and Hosting

  • Ethical / Sustainable Standard Compliant (TBC)
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited

6b. Complementary Technology Solutions

  • Ethical / Sustainable Standard Compliant (TBC)
  • Cyber Essentials Accredited OR
  • ISO 27001 Accredited

6c. Professional Services and Consultancy

  • Ethical / Sustainable Standard Compliant (TBC)

*These standards are expected to be met and assured for future endorsed frameworks/framework refreshes and have been included to illustrate direction of travel.