DCB 0129 and DCB 0160 are two standards issued by NHS Digital. They require manufacturers of health IT systems and healthcare organisations to carry out a particular type of risk assessment on the product. This process determines whether or not the product is acceptably safe to go live. Compliance with DCB 0129 and DCB 0160 is mandatory under the Health and Social Care Act 2012 (see the NHS Digital page).
The two standards are very similar. The idea is that the manufacturer carries out a risk assessment, documents the findings and passes these to the healthcare organisation. The healthcare organisation, in turn, looks at how it is customising and configuring the product and conducts a further risk assessment, which is also documented. NHS Digital may ask to see the final report before the product goes live.
Note that, in the main, the two standards have little to do with security, privacy or information governance. Those are covered by other standards and frameworks such as ISO 27001. DCB 0129 and DCB 0160 are strictly about safety, i.e. ensuring that the system doesn't cause patient harm.