Root CA for NHS PKI service from the Health and Social Care Information Centre

Root CA for NHS PKI service
from the Health and Social Care Information Centre

Grant of Approval

tScheme Limited grants approval to the electronic trust service identified as:
Root Certificate Authority for the NHS PKI - The NHS PKI is a trust infrastructure which provides certification services throughout the National Health Service. The NHS PKI Root acts as the core of the NHS certification trust infrastructure.

as supplied by:
Health and Social Care Information Centre
of 1 Trevelyan Square, Boar Lane, Leeds LS1 6AE.

The management system used to deliver this service is certified by:
LRQA Lloyd's Register Quality Assurance Ltd.
of Trinity Park, 1 Bickenhill Lane, Birmingham B37 7ES

to satisfy the criteria defined in the following tScheme Approval Profiles:

Title Identity Issue
Base Approval Profile tSd0111 3.00
Approval Profile for Certificate Generation* tSd0104 3.01
Approval Profile for Certificate Dissemination tSd0105 3.01
Approval Profile for Certificate Status Management tSd0106 3.01

*not including Qualified Certificates

This approval initially commenced on:
29th November, 2007

**However, because elements of service are outsourced to the tScheme-Approved service from BT then the audit cycle is synchronised to that service - i.e. May.**

and annual renewal against the current issue of these Approval Profiles was confirmed in:
May 2022

Documents supporting this grant are available by clicking on the links in the table above.

This Grant of approval is issued by:
tScheme Limited
Mulberry Grove
PO Box 3653
RG40 9NN
United Kingdom

Company Number 4000985

Approved Service Description

The Approved service relates to the Health and Social Care Information Centre (NHS HSCIC) Root Certificate Authority for the NHS Public Key Infrastructure. The NHS PKI is controlled by HSCIC, which operates a Policy Management Authority (PMA) to define and control the service. British Telecommunications plc (NHS Service Provider) act as the operational enterprise for the NHS Root Certificate Authority, and conduct all the functional activity relating to the NHS Root Certificate Authority

The NHS Root Certificate Authority (level 0) is designed for the issuance of Digital Certificates only to level 1 Certificate Authorities operating under the NHS Root CA. HSCIC has full control over all Level 1 CAs. HSCIC, via the NHS Policy Management Authority, defines and has complete control over all important business aspects such as the Certificate Policy and registration practices etc. while BT runs the Root Certificate Authority at its secure Data Centre.

The NHS Root Certificate Authority (CA) is separate1 from every other Certification service operated and managed by BT and is run in accordance with the NHS Policy Management Authority requirements and specifications for Root CA services. The certificates produced are manufactured to the profiles specified by HSCIC and are identified as NHS certificates.

Key features of the NHS Root Certificate Authority are:

  • Complete managed service;
  • Operating to defined Certificate Policy and Certificate Profile;
  • Dedicated Certification Authority;
  • Certificates identified as NHS operated and controlled;
  • Standards compliant (for example Certificates are X.509 v3 compliant);
  • Secure infrastructure designed to ISO 27001 and certified by independent audit;
  • Supporting technologies have undergone external evaluations against established criteria (ITSEC, Common Criteria, and FIPS etc.);
  • Support of a variety of cryptographic key management methods including smart cards, tokens etc is used, and;
  • Physically remote secure business continuity and contingency facilities.

The NHS Root Certificate Authority is designed to satisfy the requirements of a Central Government organisation (DoH).

1 This separation is both logical and physical.


Schemes and Profiles

Providing guidelines and criteria for organisations to develop their trust services.


Our members

We’re a member-led not-for-profit organisation.


What we do

Approval for organisations in the trust service provider sector.