Summary
Hazard identification is undertaken using a Structured ‘What If’ (SWIFT) method which assesses the potential failure modes of each core component. The Initial Risk Rating (IRR) associated with each identified hazard is assessed considering any existing controls, followed by a Residual Risk Rating (RRR) with any additional risk controls.
Document information and downloads
- Document Contents
- Download Link
- File Details
- Hazard summary
- H1 - Adverse system performance impacting communication and workflow
- H2 - Disrupted communication and workflow due to NHSMail outage
- H3 - Inability to conduct virtual consulations or remote meetings
- H4 - Inability to send or receive emails and attachments
- H5 - Breach or loss of confidential patient data during storage and transmission
- H6 - Unable to access encrypted content
- H7 - Unable to access NHSMail account
- H8 - Unable to access shared mailbox
- H9 - Guest and external users unable to access shared resources
- H10 - Unable to administer user accounts
- H11 - User does not routinely monitor their user/shared mailbox
- H12 - Updating patient care records; user fails to update the patient care record or updates it with delay
- H13 - Legitimate emails and attachments are quarantined and/or deleted (false positive)
- H14 - NHS directory contains incorrect, missing, or duplicate entries
- H15 - User does not maintain their calendar
- H16 - User data fails to fully migrate
- H17 - Accessing third-party (federated) applications
- H18 - The appointment scheduler is unavailable or inaccessible
- H19 - Patient does not receive appointment invite
- H20 - User cannot access Microsoft O365 applications or features
- Hazard assessment criteria
| File type | Adobe Acrobat Portable Document Format (.pdf) |
| File size | 924 KB |
| Last Reviewed Date | 05/02/2025 |
