The Target Operating Model (TOM) is a light-weight framework used for you to self-assure your own system confirming it meets the requirements and passes compliance.
You can download the latest version of the TOM from the Agreements page.
The purpose of the TOM is to support Consumer Application Suppliers to achieve Technical Conformance and inform and provide a guidance framework to assist Commissioning Authorities with the End Product Assurance and deployment approval processes. The TOM describes responsibilities and accountability, and provides an assessment framework to demonstrate that the Consuming Application meets the suggested standards. The TOM will be completed per supplier product and does not lie with the individual organisations that the API may be deployed at. Although the TOM does not sit with the care organisations, the TOM should be accepted by the first of type organisation sponsoring the API development.
The assessment checklist is designed to be self-sufficient, but supported by the specification and underpinning documents on the Developer Portal developer.nhs.uk, with the view that the Commissioning Authority will complete this collaboratively with the Consuming Application Supplier.
Commissioning Authorities are responsible for ensuring supplier and local implementation conformance with the guidance and the principles in this document. NHS Digital will be responsible for reviewing the content of the TOM for completeness however; it is the Commissioning Authorities responsibility for the product evaluation against the TOM, including accepting any risks, mitigations or non-conformance with any requirement. Any non-compliance MUST be formally reported in the TOM.
The main points of the TOM are:
- Single encapsulating model
- Approval of Usage/Settings
- Not centrally assured
- Centrally audited and checked for completeness
- Escalation points exist e.g. for clinical safety
The document itself is a multi-sheet spreadsheet with a variety of areas which need to be filled in by the End user Organisation, the Solution Supplier and NHS Digital. These areas are divided into Contact information, Topology, Architecture, IG & Security, Clinical Safety and Service.
In the process of self-assurance you will progress through the following three phases:
- Phase 1A - Usage and Settings submission for approval by NHS Digital
- Phase 1B - Technical Conformance for approval by NHS Digital
- Phase 2 - Full TOM and Product evaluation by the End User Organisation
Phase 2 may be conducted in parallel to phase 1A and 1B to expedite the process, whilst acknowledging a go-live dependency of approval to access central data being granted.
Note: Before any deployment can commence, the solution supplier must sign the Connection Agreement and the end user must sign the End User Policy.