secure email standard and nhsmail 2 - amazon s3€¢uplifting own exchange to meet secure email...
TRANSCRIPT
Agenda
• ISB 1596 Secure Email Standard – NHS Digital
• NHSmail 2 Core Service & Additional Services Overview –
Accenture
• Organisation Readiness – Accenture
• Full and Partial Managed Migration Option – Accenture
• Organisation Self Migration Option – NHS Digital
• Next Steps – NHS Digital
• Questions
2
The Secure Email Standard – ISB 1596
• Sets the minimum security baseline for email services.
• Health & Social Care Act 2012 - Health and Care
organisations are required to have “due regard” for this
standard.
• By June 2017 DH policy states that your email service must
meet the secure email standard e.g.
• NHSmail
• Uplifting own Exchange to meet Secure Email Standard
• Office 365 (or services that meet Secure Email Standard)
4
Meeting the Secure Email Standard Requirement Health &
Care Org
IT Service
Provider
Have an up to date IGT or ISO27001 accreditation √
Undertake a security risk assessment for the email service to consider whether it contains
personal & sensitive data or not
√
Have published policies and procedures for the use of secure email using mobile devices √
Local clinical safety approval for use of the email service √
Have published policies for the use of email with insecure system √
ISO27001 accreditation √
OFFICIAL SENSITIVE accreditation by a professional accreditor √
Clinical safety approval for the email service, as per ISB 0129 Clinical Risk Management √
Evidence of conformance to the open standards principles √
5
IT Service Provider Conformance
• ISO 27001 for email system.
• Official Sensitive Accreditation.
• Clinical Safety Sign off – ISB 0129.
• Meets Open Standards Principles.
Health & Social Care Organisations Conformance
• IG Toolkit or ISO 27001.
• Security Risk assessment.
• Mobile Device Policies & Procedures.
• Clinical Safety sign off – ISB 0160.
• Published Policy for use of Email with insecure systems.
Transport Layer Security (TLS) Connection
• TLS is type of connection between local email system and
the GSi relay for routing of secure emails (version 1.2).
• The process is currently being tested by early adopter
organisations – guidance will be published on the NHS
Digital website in due course.
• New secure domain will be issued to Organisations – e.g.
• Organisations using Office 365 will still need to implement.
8
Secure Email Standard Next Steps
• Chose your secure email system (Own local, Office 365…).
• If your Organisation choses to run their own local secure email
service please supply estimated completion of ISO 27001.
• Confirm planned timescales for submitting Statement of
Conformance to NHS Digital.
• Organisations are required to meet the ISB 1596 Secure Email
Standard by 30th June 2017.
9
Introduction to NHSmail 2
NHSmail is the national secure collaboration platform for
health and social care. Providing the technology to enable
communication and collaboration within, between and
outside of organisations.
The new service has been designed so that it can be tailored to
your local needs through providing add-on collaboration
capabilities and a flexible range of implementation services.
The platform will provide the following core capabilities:
• A secure and modern email exchange
• Seamlessly integrated instant messaging and presence
• A rich and user-friendly contact directory
• Flexible and intuitive administration tools
12
NHSmail 2 Core Service Solution
Secure and modern email exchange:
Microsoft Exchange 2013
• 4GB mailboxes with option to top-up
• Local branding of email addresses
• Latest email security from Trend Micro
• Mobile device management
Seamlessly integrated instant messaging: Skype
for Business
• Latest Microsoft communication platform
• Instant messaging between users across platform
• Presence management integration across service
A rich and user-friendly contact directory:
NHSmail 2 Directory
• Health and social care contact directory
• Biographical information
• Modern interface and search capabilities
• Custom directory data fields
Flexible and intuitive admin tools:
NHSmail 2 Portal
• Flexible tools for user and admin self-service
• Advanced organisation reporting
• Mobile-friendly
13
NHSmail 2 Additional Services
Mailbox quota and retention top-ups
• Mailboxes in 6, 10 and 25GB
• Retention in units of 500mb
Web and video conferencing:
• Audio and video conferencing
• Peer-to-peer calls
• Desktop sharing
Mobile device management (MDM):
• Advanced MDM
• Provisioning of applications on devices
• Secure access to information
Professional Services
Change Enablement Services*
• Training and Deployment Support
• Communications Strategy and Planning
• Benefits Realisation
* Services available on day-rated bases
14
Organisation Readiness
The table below outlines the typical organisational readiness work streams established to plan and deliver the on-boarding
project:
Workstream Overview
Project Management Planning and management of the end-to-end migration project from the source
environment to NHSmail.
Communications Planning and delivery of communications to the stakeholders within and outside of the
organisation on the migration project and any impact on each stakeholder group.
Training Planning and delivery of the training required to enable end users and administrators
to use and get the best out of the NHSmail 2 service.
Benefits Management Production and delivery of the Benefits Management Plan to realise the local benefits
of using the NHSmail service.
Clinical Safety and Information
Governance
Completion of any locally required clinical safety and information governance
processes to enable the safe transition and use of the NHSmail service.
17
Organisation Readiness Support Materials
To support your on-boarding activities, Accenture and NHS Digital have developed a number of support materials as shown
below which are available at http://support.nhs.net/
Supporting Material Description
Business Case Template Provides a templated Business Case to be updated by organisations for their particular
self or managed migration.
Project Initiation Document Template Provides a templated Project Initiation Document to be updated by organisations for
their particular self or managed migration.
Communications Strategy Template Provides a templated Communications Strategy to be updated by organisations for
their particular self or managed migration.
Communications Plan Template Provides a templated Communications Plan to be updated by organisations for their
particular self or managed migration.
Training Strategy Template Provides a templated Training Strategy to be updated by organisations for their
particular self or managed migration.
18
Migration Options
Self-service
Migration (Core service)
Partial Managed
Migration (Blend of core and
additional services)
Managed
Migration (Additional service)
Light touch migration service providing basic tools to enable organisations to migrate themselves on to
NHSmail.
This will be a self-service migration with the ability to add elements of the managed migration service
offerings dependent on an organisation’s needs. This could include support with planning, tooling or
technical expertise.
Comprehensive migration service providing planning support, tooling and technical expertise to deliver
the migration. The migration can be fully managed by Accenture or utilise Accenture support to augment
the migrating organisations skills.
The NHSmail 2 Service will offer a number of flexible options for on-boarding to the Service as outlined below:
21
Migration Pre-Requisite Activities
Technical Readiness Activities For All Migration Types
• Audit of Database sizes, volumes and numbers.
• Clean up of active accounts in Active Directory (AD).
• Clean up of attributes and people data in AD.
• Clean up of active mailbox data in Exchange.
• PST (Outlook backup file) consideration.
Technical Readiness Activities for Managed and Partially Managed Migrations Only
• Dedicated Machine for Virtual Private Network (VPN) connection.
• Date range for migrated data requirements (applicable if not all data is being migrated).
• Dedicated Organisation Unit’s (OU) for migration.
• Service accounts with delegated permissions to Exchange data.
22
Migration Options
Accenture are offering three variants of a managed migration:
Fully managed migration
Partially managed migration
VIP managed migration
The suitability of each approach will depend on:
Resourcing - The availability and suitability of IT personnel to undertake the migration project. Organisations at this point should
ensure that their Information Governance, Training and Communications departments are involved with the project.
Funding - Is there funding in place for a migration project.
Project Plan - Are there any restrictions on when the project can take place or should be completed by.
23
Dell Migration Manager Process
1. DirectorySynchronisation
2. Calendar &Free/Busy
Synchronisation
3. MailboxSynchronisation
4. Mailbox Switch
Directory synchronisation is required in order to synchronise the Global Address
Lists for on-boarding organisations to NHSmail 2. This enables a common end
user experience and provides full co-existence between the source and destination
systems.
Migration Manager enables the synchronisation of calendar information
independently from mailbox migration. This ensures that both organisations
have identical address books and that calendar information is available across
both organisations. It is also possible to synchronise free/busy information
separately, providing as close to real-time lookup as possible.
During mailbox synchronisation, Migration Manager gradually transfers the mail
data from the source to the target servers. All mailbox content (including
messages with attachments, contacts, calendar information, and journal entries), is
copied to the target mailboxes.
There is no interruption in user messaging and collaboration because users
are not required to be disconnected from their mailboxes during the migration.
When a mailbox is switched, Migration Manager sets redirection to the
opposite direction: all new mail sent to the old mailbox is automatically forwarded
to the new mailbox in the target organisation. 24
Managed Migration Responsibilities
What Accenture Customer Charge Basis
Creation of Project Initiation
Document (PID) N/A
Migration PID review and scope
agreed Inclusive
Agree team profile / Assign project
manager Inclusive
Create migration schedule Inclusive
Review pre-requisite and
remediation activities. Agree
timetable.
Inclusive
Remediation Activities as detailed
in migration plan. Accenture
involved as necessary.
Additional
Pre-requisite activities detailed in
migration tooling requirements.
Accenture involved as necessary.
Additional
Review remediation and pre-
requisites complete Inclusive
Create test mailboxes for POC
migration N/A
Test mailbox migration. Inclusive
Fully managed migration
• If required Accenture can work withthe organisation at each step of themigration process.
• Accenture can engage in anyadditional activities as required by theorganisation.
26
Benefits of Managed Migration
Engagement team working with proven methodologies to on-board an organisation with an agreed plan and budget.
Ability to on-board from multiple source platform technologies (Gmail, Office 365, GroupWise, Exchange and more).
Full environment co-existence service with full user, calendar and group sharing.
Discover active users and migrate only live data with the option to archive orphaned account data into Dell Archive Manager.
Directory synchronisation tools prevent isolation or mail routing issues during co-existence in migration window.
Prevents communication blackouts or potential lost email from sudden cutover migrations.
2
1
3
4
5
6
27
Partial Managed Migration
The partial managed migration service is for those organisations that wish to scope and
manage the migration themselves, however may require additional support from
Accenture.
Organisations can choose a combination of self-service migration and managed
migration. This permits organisations to take the self-service migration route whilst
being able to access a selection of managed migration options. Allowing organisation to
bridge potential gaps which may be preventing migrating to the Service.
VIP Partial Managed Migration A further optional component is available to Organisations whereby Accenture provide a
VIP migration service for users whom the client wished to ensure get enhanced support.
This would provide a fully managed service for a particular user group/small number of
users.
28
Partial Managed Migration Responsibilities
What Accenture Customer
Provide list of pre-requisite activities
around network and infrastructure.
Configure Dell Migration Manager
Components.
o Directory, Calendar and Mailbox
Sync.
Beta migration of test accounts.
Pilot migration of pre-agreed group up to
30 accounts.
Analysis and remediation of any issues
related to migration.
Ensure pre-requisite activities are
undertaken prior to Accenture on site
installation.
Work alongside Accenture to understand
the management of the Migration
manager toolset.
Manage the migration schedule.
Perform migration activities.
Post migration clean up.
All migration support activities.
Partially managed migration
• A clear separation of responsibilities between Accenture andthe organisation.
• Accenture to complete majority of pre-migration work with theremainder of the project being completed by IT team.
• Suitable for organisations that have some of the requiredskills available in house.
29
NHSmail 2 Self Service Migration
• The ability to complete a self-service migration from a local email service to NHSmail 2 will be available.
• This is intended for those organisations with simple migration requirements and experienced technicalteams. The approach is a light touch migration service providing basic tools to enable organisations tomigrate themselves onto NHSmail 2 service.
• Self Service Migration guidance can be found at http://support.nhs.net/
32
Joining NHSmail 2 Next Steps
• Number of NHSmail accounts the Organisation requires.
• Migration preference for your Organisation.
• Planned migration timeframe.
• A questionnaire is planned to be sent to Organisations
requesting the above information.
33
Q&A
• Integration – for both core and additional services(SfB)
details of how will integrate with Office 365 and other
systems/technical infrastructure organisation have already
invested in.
• Policy – clarity over policies and their enforcement e.g.
one publically funded email account per person.
36
Further Information
• [email protected] – please use this email address forenquiries about joining the NHSmail 2 Service.
• [email protected] – please usethis email for enquires on Partial and ManagedMigrations.
• [email protected] – the Helpdesk provide 24x7support for issues using NHSmail 2
37