Secure Email Standard and NHSmail 2

Presented by NHS Digital & Accenture

Agenda

• ISB 1596 Secure Email Standard – NHS Digital

• NHSmail 2 Core Service & Additional Services Overview –

Accenture

• Organisation Readiness – Accenture

• Full and Partial Managed Migration Option – Accenture

• Organisation Self Migration Option – NHS Digital

• Next Steps – NHS Digital

• Questions

2

3

ISB 1596 Secure Email Standard

The Secure Email Standard – ISB 1596

• Sets the minimum security baseline for email services.

• Health & Social Care Act 2012 - Health and Care

organisations are required to have “due regard” for this

standard.

• By June 2017 DH policy states that your email service must

meet the secure email standard e.g.

• NHSmail

• Uplifting own Exchange to meet Secure Email Standard

• Office 365 (or services that meet Secure Email Standard)

4

Meeting the Secure Email Standard Requirement Health &

Care Org

IT Service

Provider

Have an up to date IGT or ISO27001 accreditation √

Undertake a security risk assessment for the email service to consider whether it contains

personal & sensitive data or not

√

Have published policies and procedures for the use of secure email using mobile devices √

Local clinical safety approval for use of the email service √

Have published policies for the use of email with insecure system √

ISO27001 accreditation √

OFFICIAL SENSITIVE accreditation by a professional accreditor √

Clinical safety approval for the email service, as per ISB 0129 Clinical Risk Management √

Evidence of conformance to the open standards principles √

5

IT Service Provider Conformance

• ISO 27001 for email system.

• Official Sensitive Accreditation.

• Clinical Safety Sign off – ISB 0129.

• Meets Open Standards Principles.

Health & Social Care Organisations Conformance

• IG Toolkit or ISO 27001.

• Security Risk assessment.

• Mobile Device Policies & Procedures.

• Clinical Safety sign off – ISB 0160.

• Published Policy for use of Email with insecure systems.

Transport Layer Security (TLS) Connection

• TLS is type of connection between local email system and

the GSi relay for routing of secure emails (version 1.2).

• The process is currently being tested by early adopter

organisations – guidance will be published on the NHS

Digital website in due course.

• New secure domain will be issued to Organisations – e.g.

name@orgname.secure.nhs.uk.

• Organisations using Office 365 will still need to implement.

8

Secure Email Standard Next Steps

• Chose your secure email system (Own local, Office 365…).

• If your Organisation choses to run their own local secure email

service please supply estimated completion of ISO 27001.

• Confirm planned timescales for submitting Statement of

Conformance to NHS Digital.

• Organisations are required to meet the ISB 1596 Secure Email

Standard by 30th June 2017.

9

Questions?

10

11

NHSmail – Core & Additional Services

Introduction to NHSmail 2

NHSmail is the national secure collaboration platform for

health and social care. Providing the technology to enable

communication and collaboration within, between and

outside of organisations.

The new service has been designed so that it can be tailored to

your local needs through providing add-on collaboration

capabilities and a flexible range of implementation services.

The platform will provide the following core capabilities:

• A secure and modern email exchange

• Seamlessly integrated instant messaging and presence

• A rich and user-friendly contact directory

• Flexible and intuitive administration tools

12

NHSmail 2 Core Service Solution

Secure and modern email exchange:

Microsoft Exchange 2013

• 4GB mailboxes with option to top-up

• Local branding of email addresses

• Latest email security from Trend Micro

• Mobile device management

Seamlessly integrated instant messaging: Skype

for Business

• Latest Microsoft communication platform

• Instant messaging between users across platform

• Presence management integration across service

A rich and user-friendly contact directory:

NHSmail 2 Directory

• Health and social care contact directory

• Biographical information

• Modern interface and search capabilities

• Custom directory data fields

Flexible and intuitive admin tools:

NHSmail 2 Portal

• Flexible tools for user and admin self-service

• Advanced organisation reporting

• Mobile-friendly

13

NHSmail 2 Additional Services

Mailbox quota and retention top-ups

• Mailboxes in 6, 10 and 25GB

• Retention in units of 500mb

Web and video conferencing:

• Audio and video conferencing

• Peer-to-peer calls

• Desktop sharing

Mobile device management (MDM):

• Advanced MDM

• Provisioning of applications on devices

• Secure access to information

Professional Services

Change Enablement Services*

• Training and Deployment Support

• Communications Strategy and Planning

• Benefits Realisation

* Services available on day-rated bases

14

Questions?

15

16

Organisation Readiness

Organisation Readiness

The table below outlines the typical organisational readiness work streams established to plan and deliver the on-boarding

project:

Workstream Overview

Project Management Planning and management of the end-to-end migration project from the source

environment to NHSmail.

Communications Planning and delivery of communications to the stakeholders within and outside of the

organisation on the migration project and any impact on each stakeholder group.

Training Planning and delivery of the training required to enable end users and administrators

to use and get the best out of the NHSmail 2 service.

Benefits Management Production and delivery of the Benefits Management Plan to realise the local benefits

of using the NHSmail service.

Clinical Safety and Information

Governance

Completion of any locally required clinical safety and information governance

processes to enable the safe transition and use of the NHSmail service.

17

Organisation Readiness Support Materials

To support your on-boarding activities, Accenture and NHS Digital have developed a number of support materials as shown

below which are available at http://support.nhs.net/

Supporting Material Description

Business Case Template Provides a templated Business Case to be updated by organisations for their particular

self or managed migration.

Project Initiation Document Template Provides a templated Project Initiation Document to be updated by organisations for

their particular self or managed migration.

Communications Strategy Template Provides a templated Communications Strategy to be updated by organisations for

their particular self or managed migration.

Communications Plan Template Provides a templated Communications Plan to be updated by organisations for their

particular self or managed migration.

Training Strategy Template Provides a templated Training Strategy to be updated by organisations for their

particular self or managed migration.

18

Questions?

19

20

Full and Partial Managed Migration

Migration Options

Self-service

Migration (Core service)

Partial Managed

Migration (Blend of core and

additional services)

Managed

Migration (Additional service)

Light touch migration service providing basic tools to enable organisations to migrate themselves on to

NHSmail.

This will be a self-service migration with the ability to add elements of the managed migration service

offerings dependent on an organisation’s needs. This could include support with planning, tooling or

technical expertise.

Comprehensive migration service providing planning support, tooling and technical expertise to deliver

the migration. The migration can be fully managed by Accenture or utilise Accenture support to augment

the migrating organisations skills.

The NHSmail 2 Service will offer a number of flexible options for on-boarding to the Service as outlined below:

21

Migration Pre-Requisite Activities

Technical Readiness Activities For All Migration Types

• Audit of Database sizes, volumes and numbers.

• Clean up of active accounts in Active Directory (AD).

• Clean up of attributes and people data in AD.

• Clean up of active mailbox data in Exchange.

• PST (Outlook backup file) consideration.

Technical Readiness Activities for Managed and Partially Managed Migrations Only

• Dedicated Machine for Virtual Private Network (VPN) connection.

• Date range for migrated data requirements (applicable if not all data is being migrated).

• Dedicated Organisation Unit’s (OU) for migration.

• Service accounts with delegated permissions to Exchange data.

22

Migration Options

Accenture are offering three variants of a managed migration:

Fully managed migration

Partially managed migration

VIP managed migration

The suitability of each approach will depend on:

Resourcing - The availability and suitability of IT personnel to undertake the migration project. Organisations at this point should

ensure that their Information Governance, Training and Communications departments are involved with the project.

Funding - Is there funding in place for a migration project.

Project Plan - Are there any restrictions on when the project can take place or should be completed by.

23

Dell Migration Manager Process

1. DirectorySynchronisation

2. Calendar &Free/Busy

Synchronisation

3. MailboxSynchronisation

4. Mailbox Switch

Directory synchronisation is required in order to synchronise the Global Address

Lists for on-boarding organisations to NHSmail 2. This enables a common end

user experience and provides full co-existence between the source and destination

systems.

Migration Manager enables the synchronisation of calendar information

independently from mailbox migration. This ensures that both organisations

have identical address books and that calendar information is available across

both organisations. It is also possible to synchronise free/busy information

separately, providing as close to real-time lookup as possible.

During mailbox synchronisation, Migration Manager gradually transfers the mail

data from the source to the target servers. All mailbox content (including

messages with attachments, contacts, calendar information, and journal entries), is

copied to the target mailboxes.

There is no interruption in user messaging and collaboration because users

are not required to be disconnected from their mailboxes during the migration.

When a mailbox is switched, Migration Manager sets redirection to the

opposite direction: all new mail sent to the old mailbox is automatically forwarded

to the new mailbox in the target organisation. 24

Dell Migration Manager Architectural Structure

25

Managed Migration Responsibilities

What Accenture Customer Charge Basis

Creation of Project Initiation

Document (PID) N/A

Migration PID review and scope

agreed Inclusive

Agree team profile / Assign project

manager Inclusive

Create migration schedule Inclusive

Review pre-requisite and

remediation activities. Agree

timetable.

Inclusive

Remediation Activities as detailed

in migration plan. Accenture

involved as necessary.

Additional

Pre-requisite activities detailed in

migration tooling requirements.

Accenture involved as necessary.

Additional

Review remediation and pre-

requisites complete Inclusive

Create test mailboxes for POC

migration N/A

Test mailbox migration. Inclusive

Fully managed migration

• If required Accenture can work withthe organisation at each step of themigration process.

• Accenture can engage in anyadditional activities as required by theorganisation.

26

Benefits of Managed Migration

Engagement team working with proven methodologies to on-board an organisation with an agreed plan and budget.

Ability to on-board from multiple source platform technologies (Gmail, Office 365, GroupWise, Exchange and more).

Full environment co-existence service with full user, calendar and group sharing.

Discover active users and migrate only live data with the option to archive orphaned account data into Dell Archive Manager.

Directory synchronisation tools prevent isolation or mail routing issues during co-existence in migration window.

Prevents communication blackouts or potential lost email from sudden cutover migrations.

2

1

3

4

5

6

27

Partial Managed Migration

The partial managed migration service is for those organisations that wish to scope and

manage the migration themselves, however may require additional support from

Accenture.

Organisations can choose a combination of self-service migration and managed

migration. This permits organisations to take the self-service migration route whilst

being able to access a selection of managed migration options. Allowing organisation to

bridge potential gaps which may be preventing migrating to the Service.

VIP Partial Managed Migration A further optional component is available to Organisations whereby Accenture provide a

VIP migration service for users whom the client wished to ensure get enhanced support.

This would provide a fully managed service for a particular user group/small number of

users.

28

Partial Managed Migration Responsibilities

What Accenture Customer

Provide list of pre-requisite activities

around network and infrastructure.

Configure Dell Migration Manager

Components.

o Directory, Calendar and Mailbox

Sync.

Beta migration of test accounts.

Pilot migration of pre-agreed group up to

30 accounts.

Analysis and remediation of any issues

related to migration.

Ensure pre-requisite activities are

undertaken prior to Accenture on site

installation.

Work alongside Accenture to understand

the management of the Migration

manager toolset.

Manage the migration schedule.

Perform migration activities.

Post migration clean up.

All migration support activities.

Partially managed migration

• A clear separation of responsibilities between Accenture andthe organisation.

• Accenture to complete majority of pre-migration work with theremainder of the project being completed by IT team.

• Suitable for organisations that have some of the requiredskills available in house.

29

Questions?

30

31

NHSmail 2 – Self Service Migration

NHSmail 2 Self Service Migration

• The ability to complete a self-service migration from a local email service to NHSmail 2 will be available.

• This is intended for those organisations with simple migration requirements and experienced technicalteams. The approach is a light touch migration service providing basic tools to enable organisations tomigrate themselves onto NHSmail 2 service.

• Self Service Migration guidance can be found at http://support.nhs.net/

32

Joining NHSmail 2 Next Steps

• Number of NHSmail accounts the Organisation requires.

• Migration preference for your Organisation.

• Planned migration timeframe.

• A questionnaire is planned to be sent to Organisations

requesting the above information.

33

Questions?

34

35

Questions and Answers

Q&A

• Integration – for both core and additional services(SfB)

details of how will integrate with Office 365 and other

systems/technical infrastructure organisation have already

invested in.

• Policy – clarity over policies and their enforcement e.g.

one publically funded email account per person.

36

Further Information

• feedback@nhs.net – please use this email address forenquiries about joining the NHSmail 2 Service.

• nhsmail.development@accenture.com – please usethis email for enquires on Partial and ManagedMigrations.

• helpdesk@nhs.net – the Helpdesk provide 24x7support for issues using NHSmail 2

37