Secure Email Standard and NHSmail 2

Presented by NHS Digital & Accenture

Agenda • ISB 1596 Secure Email Standard – NHS Digital • NHSmail 2 Core Service & Additional Services Overview – Accenture • Organisation Readiness – Accenture • Full and Partial Managed Migration Option – Accenture • Organisation Self Migration Option – NHS Digital • Next Steps – NHS Digital • Questions

2

ISB 1596 Secure Email Standard 3

The Secure Email Standard – ISB 1596 • Sets the minimum security baseline for email services. • Health & Social Care Act 2012 - Health and Care organisations are required to have “due regard” for this standard. • By June 2017 DH policy states that your email service must meet the secure email standard e.g. • NHSmail • Uplifting own Exchange to meet Secure Email Standard • Office 365 (or services that meet Secure Email Standard) 4

Meeting the Secure Email Standard Requirement

Health & Care Org

Have an up to date IGT or ISO27001 accreditation

√

Undertake a security risk assessment for the email service to consider whether it contains personal & sensitive data or not

√

Have published policies and procedures for the use of secure email using mobile devices

√

Local clinical safety approval for use of the email service

√

Have published policies for the use of email with insecure system

√

IT Service Provider

ISO27001 accreditation

√

OFFICIAL SENSITIVE accreditation by a professional accreditor

√

Clinical safety approval for the email service, as per ISB 0129 Clinical Risk Management

√

Evidence of conformance to the open standards principles

√ 5

IT Service Provider Conformance • ISO 27001 for email system.

• Official Sensitive Accreditation. • Clinical Safety Sign off – ISB 0129. • Meets Open Standards Principles.

Health & Social Care Organisations Conformance • IG Toolkit or ISO 27001. • Security Risk assessment. • Mobile Device Policies & Procedures. • Clinical Safety sign off – ISB 0160. • Published Policy for use of Email with insecure systems.

Transport Layer Security (TLS) Connection • TLS is type of connection between local email system and the GSi relay for routing of secure emails (version 1.2). • The process is currently being tested by early adopter organisations – guidance will be published on the NHS Digital website in due course. • New secure domain will be issued to Organisations – e.g. [email protected]. • Organisations using Office 365 will still need to implement. 8

Secure Email Standard Next Steps • Chose your secure email system (Own local, Office 365…). • If your Organisation choses to run their own local secure email service please supply estimated completion of ISO 27001.

• Confirm planned timescales for submitting Statement of Conformance to NHS Digital. • Organisations are required to meet the ISB 1596 Secure Email Standard by 30th June 2017. 9

Questions?

10

NHSmail – Core & Additional Services 11

Introduction to NHSmail 2 NHSmail is the national secure collaboration platform for health and social care. Providing the technology to enable communication and collaboration within, between and outside of organisations.

The new service has been designed so that it can be tailored to your local needs through providing add-on collaboration capabilities and a flexible range of implementation services. The platform will provide the following core capabilities: • A secure and modern email exchange • Seamlessly integrated instant messaging and presence • A rich and user-friendly contact directory • Flexible and intuitive administration tools

12

NHSmail 2 Core Service Solution Secure and modern email exchange: Microsoft Exchange 2013

Seamlessly integrated instant messaging: Skype for Business

•

4GB mailboxes with option to top-up

•

Latest Microsoft communication platform

•

Local branding of email addresses

•

Instant messaging between users across platform

•

Latest email security from Trend Micro

•

Presence management integration across service

•

Mobile device management

A rich and user-friendly contact directory: NHSmail 2 Directory

Flexible and intuitive admin tools: NHSmail 2 Portal

•

Health and social care contact directory

•

Flexible tools for user and admin self-service

•

Biographical information

•

Advanced organisation reporting

•

Modern interface and search capabilities

•

Mobile-friendly

•

Custom directory data fields

13

NHSmail 2 Additional Services Web and video conferencing:

Professional Services

•

Audio and video conferencing

Change Enablement Services*

•

Peer-to-peer calls

•

Training and Deployment Support

•

Desktop sharing

•

Communications Strategy and Planning

•

Benefits Realisation

Mailbox quota and retention top-ups •

Mailboxes in 6, 10 and 25GB

•

Retention in units of 500mb

* Services available on day-rated bases

Mobile device management (MDM): •

Advanced MDM

•

Provisioning of applications on devices

•

Secure access to information

14

Questions?

15

Organisation Readiness 16

Organisation Readiness The table below outlines the typical organisational readiness work streams established to plan and deliver the on-boarding project: Workstream

Overview

Project Management

Planning and management of the end-to-end migration project from the source environment to NHSmail.

Communications

Planning and delivery of communications to the stakeholders within and outside of the organisation on the migration project and any impact on each stakeholder group.

Training

Planning and delivery of the training required to enable end users and administrators to use and get the best out of the NHSmail 2 service.

Benefits Management

Production and delivery of the Benefits Management Plan to realise the local benefits of using the NHSmail service.

Clinical Safety and Information Governance

Completion of any locally required clinical safety and information governance processes to enable the safe transition and use of the NHSmail service. 17

Organisation Readiness Support Materials To support your on-boarding activities, Accenture and NHS Digital have developed a number of support materials as shown below which are available at http://support.nhs.net/ Supporting Material

Description

Business Case Template

Provides a templated Business Case to be updated by organisations for their particular self or managed migration.

Project Initiation Document Template

Provides a templated Project Initiation Document to be updated by organisations for their particular self or managed migration.

Communications Strategy Template

Provides a templated Communications Strategy to be updated by organisations for their particular self or managed migration.

Communications Plan Template

Provides a templated Communications Plan to be updated by organisations for their particular self or managed migration.

Training Strategy Template

Provides a templated Training Strategy to be updated by organisations for their particular self or managed migration. 18

Questions?

19

Full and Partial Managed Migration 20

Migration Options The NHSmail 2 Service will offer a number of flexible options for on-boarding to the Service as outlined below:

Self-service Migration (Core service)

Partial Managed Migration (Blend of core and additional services)

Managed Migration (Additional service)

Light touch migration service providing basic tools to enable organisations to migrate themselves on to NHSmail.

This will be a self-service migration with the ability to add elements of the managed migration service offerings dependent on an organisation’s needs. This could include support with planning, tooling or technical expertise.

Comprehensive migration service providing planning support, tooling and technical expertise to deliver the migration. The migration can be fully managed by Accenture or utilise Accenture support to augment the migrating organisations skills.

21

Migration Pre-Requisite Activities Technical Readiness Activities For All Migration Types • • • • •

Audit of Database sizes, volumes and numbers. Clean up of active accounts in Active Directory (AD). Clean up of attributes and people data in AD. Clean up of active mailbox data in Exchange. PST (Outlook backup file) consideration.

Technical Readiness Activities for Managed and Partially Managed Migrations Only • • • •

Dedicated Machine for Virtual Private Network (VPN) connection. Date range for migrated data requirements (applicable if not all data is being migrated). Dedicated Organisation Unit’s (OU) for migration. Service accounts with delegated permissions to Exchange data.

22

Migration Options Accenture are offering three variants of a managed migration:

Fully managed migration Partially managed migration VIP managed migration The suitability of each approach will depend on:

Resourcing - The availability and suitability of IT personnel to undertake the migration project. Organisations at this point should ensure that their Information Governance, Training and Communications departments are involved with the project. Funding - Is there funding in place for a migration project. Project Plan - Are there any restrictions on when the project can take place or should be completed by.

23

Dell Migration Manager Process 1. Directory Synchronisation 2. Calendar & Free/Busy Synchronisation 3. Mailbox Synchronisation

4. Mailbox Switch

Directory synchronisation is required in order to synchronise the Global Address Lists for on-boarding organisations to NHSmail 2. This enables a common end user experience and provides full co-existence between the source and destination systems. Migration Manager enables the synchronisation of calendar information independently from mailbox migration. This ensures that both organisations have identical address books and that calendar information is available across both organisations. It is also possible to synchronise free/busy information separately, providing as close to real-time lookup as possible. During mailbox synchronisation, Migration Manager gradually transfers the mail data from the source to the target servers. All mailbox content (including messages with attachments, contacts, calendar information, and journal entries), is copied to the target mailboxes. There is no interruption in user messaging and collaboration because users are not required to be disconnected from their mailboxes during the migration. When a mailbox is switched, Migration Manager sets redirection to the opposite direction: all new mail sent to the old mailbox is automatically forwarded to the new mailbox in the target organisation. 24

Dell Migration Manager Architectural Structure

25

Managed Migration Responsibilities Fully managed migration

•

•

If required Accenture can work with the organisation at each step of the migration process. Accenture can engage in any additional activities as required by the organisation.

What Creation of Project Initiation Document (PID) Migration PID review and scope agreed Agree team profile / Assign project manager Create migration schedule Review pre-requisite and remediation activities. Agree timetable.

Customer

Charge Basis



N/A





Inclusive





Inclusive





Inclusive





Inclusive

Remediation Activities as detailed in migration plan. Accenture involved as necessary.



Additional

Pre-requisite activities detailed in migration tooling requirements. Accenture involved as necessary.



Additional



Inclusive



N/A



Inclusive

Review remediation and prerequisites complete Create test mailboxes for POC migration Test mailbox migration.

Accenture





26

Benefits of Managed Migration 1

Engagement team working with proven methodologies to on-board an organisation with an agreed plan and budget.

2

Ability to on-board from multiple source platform technologies (Gmail, Office 365, GroupWise, Exchange and more).

3

Full environment co-existence service with full user, calendar and group sharing.

4

Discover active users and migrate only live data with the option to archive orphaned account data into Dell Archive Manager.

5

Directory synchronisation tools prevent isolation or mail routing issues during co-existence in migration window.

6

Prevents communication blackouts or potential lost email from sudden cutover migrations.

27

Partial Managed Migration The partial managed migration service is for those organisations that wish to scope and manage the migration themselves, however may require additional support from Accenture. Organisations can choose a combination of self-service migration and managed migration. This permits organisations to take the self-service migration route whilst being able to access a selection of managed migration options. Allowing organisation to bridge potential gaps which may be preventing migrating to the Service.

VIP Partial Managed Migration A further optional component is available to Organisations whereby Accenture provide a VIP migration service for users whom the client wished to ensure get enhanced support. This would provide a fully managed service for a particular user group/small number of users.

28

Partial Managed Migration Responsibilities Partially managed migration

What Provide list of pre-requisite activities around network and infrastructure.

•

A clear separation of responsibilities between Accenture and the organisation.

•

Accenture to complete majority of pre-migration work with the remainder of the project being completed by IT team.

•

Suitable for organisations that have some of the required skills available in house.

Configure Dell Migration Manager Components. o Directory, Calendar and Mailbox Sync. Beta migration of test accounts.

Accenture

Customer



 

Pilot migration of pre-agreed group up to 30 accounts.



Analysis and remediation of any issues related to migration. Ensure pre-requisite activities are undertaken prior to Accenture on site installation. Work alongside Accenture to understand the management of the Migration manager toolset. Manage the migration schedule.

   

Perform migration activities. Post migration clean up.

 

All migration support activities.



29

Questions?

30

NHSmail 2 – Self Service Migration 31

NHSmail 2 Self Service Migration •

The ability to complete a self-service migration from a local email service to NHSmail 2 will be available.

•

This is intended for those organisations with simple migration requirements and experienced technical teams. The approach is a light touch migration service providing basic tools to enable organisations to migrate themselves onto NHSmail 2 service.

•

Self Service Migration guidance can be found at http://support.nhs.net/

32

Joining NHSmail 2 Next Steps • Number of NHSmail accounts the Organisation requires. • Migration preference for your Organisation. • Planned migration timeframe. • A questionnaire is planned to be sent to Organisations requesting the above information. 33

Questions?

34

Questions and Answers 35

Q&A • Integration – for both core and additional services(SfB) details of how will integrate with Office 365 and other systems/technical infrastructure organisation have already invested in.

• Policy – clarity over policies and their enforcement e.g. one publically funded email account per person.

36

Further Information • [email protected] – please use this email address for enquiries about joining the NHSmail 2 Service. • [email protected] – please use this email for enquires on Partial and Managed Migrations.

• [email protected] – the Helpdesk provide 24x7 support for issues using NHSmail 2 37