Procurement framework strategy recommendations
Guidance for trusts when buying digital and IT goods and services in the NHS
- Recommended routes to market
- Expected commercial adherence
- Pillar descriptions
- Minimum standards applicable for each pillar
NHS England has developed guidance to help simplify the digital and IT framework landscape, remove duplication, and reduce costs.
We have recommended which framework agreements should be used by NHS buyers when buying digital and IT goods and services.
Framework agreements are the most common way of buying digital products in the NHS. They enable buyers to place orders without running a lengthy full tendering exercise and to draw from a predetermined list of accredited vendors. It also means that buyers do not have to approach all vendors in the market, and should, as a result, make the buying process easier and more cost effective.
However, there are often multiple framework agreements to choose from for similar products or services, which can make the procurement process more complicated for both buyers and vendors to navigate. It can lead to buyers being unclear on the appropriate framework to use for their requirement; vendors applying to multiple framework agreements for the same things which can be both expensive and time-consuming; and buyers not always being reassured that the vendors on framework agreements meet the minimum standards that they expect.
We have developed a ‘6 pillar’ approach as a simple yet intuitive way to sub-categorise the varied digital landscape, grouped based on commonality of requirements and functionalities and supplier market capabilities. We have then mapped all the current framework routes to market for buying digital and IT against these and completed a comprehensive further analysis against key commercial criteria. We have engaged with framework providers, buyers and vendor stakeholder groups to understand current risks and challenges and have reflected these in our analysis of the quality of frameworks.
This has resulted in endorsement of the most optimal routes to market. This list ensures full market coverage in terms of the current products and services on offer.
We will continue to work with framework providers to ensure these frameworks are the most appropriate to use at all times and where necessary, support new or modified routes to market to replace any current frameworks that do not continue to meet required criteria.
The endorsed framework agreements are categorised into 6 ‘pillars’ according to the category of product that they offer in order to help make it easier for buyers to find the right framework agreement for what they need to buy. Individual pillar descriptions can be found below.
The key technical, data and digital standards have also been aligned to each pillar. As per standard procurement process, to be accepted onto a framework agreement, vendors must meet these standards aligned to the appropriate pillar(s) as a minimum. This will provide assurance to buyers that vendors meet the minimum standards that they expect. Further details on these standards can be found below.
Email england.ceopframeworks@nhs.net
Recommended routes to market for digital and IT spend across the NHS
We recommend trusts use the following framework agreements:
Pillar 1 – hardware – clinical
- NHS Shared Business Services (NHS SBS) and North of England Commercial Procurement Collaborative (NOECPC): Link 3 IT Hardware and Services
- NHS SBS: Technology Enabled Care Services 2 (lots 1 and 4)
- NHS Commercial Solutions: Pharmacy Robots, Inventory Management Systems, Assets and Associated Services (Lots 4 and 6)
Pillar 2 – hardware – non-clinical
- CCS: Technology Products and Associated Services 2 RM6098 (Lots 1, 2 and 8)
- NHS London Procurement Partnership (LPP): Immersive, Simulation and Related Technologies
- CCS: Network Services 3 RM6116 (Lots 1a, 2a)
- CCS: Spark DPS RM6094
- NHS Commercial Solutions: Digital dictation, speech/voice recognition, outsourced transcription and associated services (lots 1 and 2)
- NHS Commercial Solutions: Patient healthcare communications and related IT services
- NOECPC: Total Technology Solutions (NOE.0552)
- NHS SBS and North of England Commercial Procurement Collaborative (NOECPC): Link 3 IT Hardware and Services
Pillar 3 – software/SaaS/apps – clinical
- CCS: AI DPS RM6200
- CCS: Spark DPS RM6094
- East of England Collaborative Procurement Hub (EOECPH): Ambulance EPR
- LPP: Clinical Digital Health Solutions
- LPP: Health and Social Care Apps DPS
- NHS England: Tech Innovation Framework (TIF)
Pillar 4 – Software/SaaS/Apps – Non-clinical
- CCS: Technology Products and Associated Services 2 RM6098 (Lots 1, 3 and 8)
- NHS London Procurement Partnership (LPP): Immersive, Simulation and Related Technologies
- North of England Commercial Procurement Collaborative (NOECPC): Non-clinical systems DPS
- CCS: AI DPS RM6200
- CCS: Back Office Software RM6194
- CCS: G Cloud 13 (lot 2)
- NHS Commercial Solutions: Digital dictation, speech/voice recognition, outsourced transcription and associated services (lots 1 and 2)
- NHS Commercial Solutions: Patient Healthcare Communications and Related IT Services
- NHS Commercial Solutions: Pharmacy Robots, Inventory Management Systems, Assets and Associated Services (Lots 1, 2, 3 and 6)
- NHS England: HSSF
- NOECPC: Total Technology Solutions (NOE.0552)
Pillar 5 – Services – Clinical
- CCS: AI DPS RM6200
- CCS: Spark DPS RM6094
Pillar 6 – Services/IaaS/PaaS – Non-clinical
6a. Network and Hosting
- CCS: Cloud Compute RM6111
- CCS: G Cloud 13 (lot 1)
- CCS: HSCN Access Services DPS RM3825
- CCS: Network Services 3 RM6116 (Lots 1a, 1d, 2a, 3b and 4a)
- NOECPC: Total Technology Solutions (NOE.0552)
6b. Complementary Technology Solutions
- NHS London Procurement Partnership (LPP): Immersive, Simulation and Related Technologies
- LPP: OneLondon Local Health and Care Record DPS
- CCS: AI DPS RM6200
- CCS: Cyber Security Services 3 RM3764.3
- CCS: Digital Capability for Health 2 RM6345
- CCS: Digital Inclusion and Support DPS RM6209
- CCS: Software Design and Implementation Services RM6193
- CCS: Technology Services 3 RM6100
- LPP: Digital Documents Solutions
- NHS Commercial Solutions: Digital dictation, speech/voice recognition, outsourced transcription and associated services (lots 1, 2, 3, 4)
- NHS Commercial Solutions: Patient Healthcare Communications and Related IT Services
- NHS England: HSSF
6c. Professional Services and Consultancy
- CCS: Digital Outcomes 6 RM1043.8
- CCS: Audio Visual Technical Consultancy and Commissioning DPS RM6225
- CCS: G Cloud 13 (lot 3 for contract value below £250k, lot 4 for contract value over £250k)
- LPP: Clinical Digital Professional Solutions
- North of England Commercial Procurement Collaborative (NOECPC): ICT Solutions Delivery
Expected commercial adherence
Buyers in the NHS should use these framework agreements for all digital buying. This will support and encourage both commercial best practice and innovation in the market and help reduce unnecessary transaction costs.
Use of non-endorsed routes will also ordinarily preclude trusts or other buying organisations accessing shared or central funding for the services in question. Any increased risks of supplier performance or unwarranted costs incurred as a result of using non- endorsed routes would be the sole responsibility of the individual buying organisations.
We will give buyers all they need in terms of central support and guidance to enable buying through the recommended routes. The Digital Category Strategy and Policy Hub will be the first point of contact as we develop the support model further.
NHS buying organisations are reminded that it is their responsibility to ensure they are complying with the Public Contracts Regulations 2015 where they are applicable. Where buyers choose not to use one of the endorsed framework agreements, they should provide a rationale for that decision. This input will be used to constantly refine and improve our recommendations in line with user needs.
Vendors will be expected to show that they meet the relevant minimum standards required to be on any of the endorsed frameworks going forward. This will make vendor capabilities clear to buyers.
Framework providers are expected to follow the six-pillar approach and make sure that the vendors on their framework agreements meet the minimum standards at all times.
Pillar descriptions
Pillar 1 – Hardware – Clinical
Tangible hardware items, that may be governed by MHRA Regulations and can only be used in a specific clinical setting, use case or environment. Such as, but not limited to, All in One Medical Computers/Theatre Consoles, Radiology Workstations and biometric medical items which are not included within a medical/clinical device category (covered by MHRA and NICE). Irrespective of whether procured as assets or subscribed Device as a Service (DaaS).
Pillar 2 – Hardware – Non-clinical
Tangible hardware items, which can be used in any setting, sector or use case and are not covered by MHRA Regulations. Such as, but not limited to, End User Computing and Mobile/Tablet Devices and Peripherals, Printers/Multi-Function Devices, Physical Servers and Physical Networking Equipment, Wireless Access Points and Controllers, Smart Screens and White Boards, Reception Consoles, and Information Screens. Irrespective of whether procured as assets or subscribed Device as a Service (DaaS).
Pillar 3 – Software/SaaS/Apps – Clinical
Software solutions, applications or Mobile Apps used in patient care in any setting/sector, including any system of record which may contain elements or all of a patient’s record, consultation notes, treatment plan and prescriptions. Whether procured as remotely/Cloud hosted, On Prem, licensed or Software as a Service (SaaS).
Pillar 4 – Software/SaaS/Apps – Non-clinical
Software solutions, whether procured as licences or Software as a Service, that can be used across a range of Non-Clinical or Back Office settings, such as Finance or Procurement, HR, Payroll, Information Governance and Risk, Legal Services or IT Services Management Systems and Business Intelligence or Analytical. Also includes Robotic Process Automation (RPA), Digital Dictation or Transcription Services, and other applications and mobile Apps which may support the utilisation of the software solutions used in this Pillar. Whether procured as remotely/Cloud hosted, On Prem, licensed or Software as a Service (SaaS).
Pillar 5 – Services – Clinical
Electronic assistive technologies (EAT) such as for environmental control systems and alternative means of access for complex disabilities; alarm technologies and services that support remote monitoring, enable supported living, e.g., fall monitoring; continuous monitoring services to enable clinical diagnosis of patients at home; scheduled and on demand remote services to manage and control chronic illness (TeleHealth, TeleConsultation); medicine optimisation services.
Pillar 6 – Services/IaaS/PaaS – Non-clinical
6a. Network and Hosting
Intangible solutions such as, but not limited to, mobile data, networking, cloud hosting, Infrastructure as a Service (Iaas), Platform as a Service (PaaS), telephony lines.
6b. Complimentary Technology Solutions
Intangible solutions such as, but not limited to, Cyber Security or Penetration Testing Services, Data Analysis or Business Intelligence Services, Technical Support or Data Migration Services.
6c. Professional Services and Consultancy
Professional services specifically regarding Digital and Technology (excluding Project Management or Temporary Staffing which falls under Workforce Category) technical consultancy and advice.
Minimum standards applicable for each pillar
Pillar 1 – Hardware – Clinical
- MHRA Compliant
- Current OS “N” minus One Compliant
- Cyber Essentials Certified OR ISO 27001 Certified
- DCB0129 Conformant
- WCAG 2.1 at AA level for any web based or mobile user interfaces
Pillar 2 – Hardware – Non-clinical
- Current OS “N” minus One Compliant
- Cyber Essentials Certified OR ISO 27001 Certified
- WCAG 2.1 at AA level for any web based or mobile user interfaces
Pillar 3 – Software/SaaS/Apps – Clinical
- NHS Number as patient identifier
- MHRA Compliant
- Web based or mobile application User Interface
- GDPR Compliant
- Cyber Essentials Certified OR ISO 27001 Certified
- Comply with NHS policies:
- HL7 FHIR Conformant supporting FHIR UK Core
- HL7 FHIR Code System, Value Set and Concept Map including all operations
- DCB0129 Conformant
- SNOMED CT Conformant
- ICD10 Conformant
- ODS Conformant
- WCAG 2.1 at AA level for any web based or mobile user interfaces
- Must align to NCSC Cloud security Principles
Pillar 4 – Software/SaaS/Apps – Non-clinical
- Web based or mobile application User Interface
- GDPR Compliant
- Cyber Essentials Certified OR ISO 27001 Certified
- Comply with NHS policies:
- HL7 FHIR Compliant supporting FHIR UK Core
- Must align to NCSC Cloud security Principles
Pillar 5 – Services – Clinical
- Cyber Essentials Certified OR ISO 27001 Certified
- Hardware and software used in delivery of the service must conform to the relevant standards as set out in the appropriate pillars
Pillar 6 – Services/IaaS/PaaS – Non-clinical
6a. Network and Hosting
- Cyber Essentials Certified OR ISO 27001 Certified
6b. Complementary Technology Solutions
- Cyber Essentials Certified OR ISO 27001 Certified
6c. Professional Services and Consultancy
- Cyber Essentials Certified OR ISO 27001 Certified