Deployment Readiness & Compliance Workbook

Project: TallySticks National Transparency Platform
Last Updated: 14 November 2025
Owner: Deployment Assurance Office (NTOC)

Summary Matrix

Badge / Standard Requirement Highlights TallySticks / EAVEcore Control Status Owner Evidence
Cyber Essentials Plus Firewalls, Secure Config, Access Control, Malware Protection, Patch Management Google Cloud Air-Gap (perimeter + VPC); Agent Utility Belt enforces least privilege; automated patch pipelines 🟡 In Progress SecOps Lead CE+ checklist, pen-test report
DTAC (NHS/Health) Clinical Safety, Data Protection, Technical Security, Interoperability Privacy-by-design pipelines, Statutory Fall data shedding, HL7/FHIR adapters 🟡 In Progress Health Vertical Lead DTAC workbook, DPIA
Generative AI Framework No sensitive data in public LLMs; risk assessments; incident logging Constitutional Air-Gap, single-tenant Vertex AI models, Master Jurist audit trail ✅ Ready CTO Model deployment diagrams
G-Cloud 14 Listing Service definition, pricing, SLA Bootstrap Revenue Plan (V142); SaaS tiers (£1k–£50k); uptime SLAs ✅ Ready Commercial Lead Draft G-Cloud submission
ATRS Record Published transparency statement GOV-AI-ATRS record hosted on transparency portal ✅ Ready Governance Lead GOV-AI-ATRS.md
Social Value (PPN 06/20) 10% scoring evidence CIC mandate + Social Value Response template ✅ Ready Bid Team SOCIAL-VALUE-PPN0620.md
ISO 27001 (Optional) ISMS, risk mgmt Policies drafted; ready for expansion post pilot ⚪ Planned CISO ISMS draft pack

Action Tracker

  1. Schedule Cyber Essentials Plus technical audit; capture evidence of MFA enforcement and patch cadence.
  2. Complete DTAC hazard log with NHS clinical safety officer for "40 Hospitals" promise data.
  3. Obtain Google Cloud attestation for UK data residency and single-tenant Vertex AI deployment.
  4. Publish ATRS record and compliance badges on transparency portal immediately after pilot go-live.
  5. Populate evidence locker (SharePoint/Vault) with signed certificates, DPIAs, and ATRS updates.

Notes

📄 Download PDF Version