Enterprise rollout checklist for NHS teams

Rolling out guideline intelligence touches clinical, IT, and governance teams. Use this checklist to keep everyone aligned.

See how this translates to practice: Explore our Clinical governance features, visit the Patient Safety Hub, or review Clinical Safety & Assurance for enterprise rollout.

1) Access and identity

• Decide whether to start with email + MFA or SSO (Azure AD / NHSmail).
• Define allowed domains and auto-approval rules for clinicians.
• Plan session timeouts: 24h idle, 7 days absolute.

2) Governance and audit

• Enable search audit logs with user email, IP, user agent, correlation ID.
• Pin guideline versions and capture publication dates in responses.
• Agree who reviews audit exports and how often.

3) Content coverage

• Confirm the specialties you need on day one and the sources to include.
• List any local policies that need mapping or linking.
• Identify which queries should be redirected to in-house resources.

4) Integrations

• Pick the first integration surface: intranet tile, EPR sidebar, or API.
• Define how to pass user identity to the proxy for audit.
• Set timeouts that match your EPR and network constraints.

5) Comms and launch

• Share quickstart guidance tailored to your specialties.
• Collect early feedback from a small cohort (registrars, pharmacists, ACPs).
• Schedule a review at 4 weeks to tune coverage and analytics.

Need a template DPIA or a sample governance paper? We have done this with other Trusts and can share what worked.