Resilience by design: Building a national network for ambulance services

By Richard Lycett, Senior Technical Manager at Ambulance Radio Programme

In the world of emergency services, the term mission critical is hard to escape but a non-negotiable in how we operate.

At Ambulance Radio Programme (ARP) our organisation sits within the NHS and exists to provide the national infrastructure that underpins ambulance service communications and mobilisation.

If our systems fail, vehicles cannot be deployed efficiently. If our communications falter, crew safety can be compromised.

Quite simply, many lives depend on the resilience, security and availability of our technology.

Nearly a decade ago, we recognised that the networking model we were operating under was no longer fit for the future.

Government direction required large, monolithic contracts to be broken down into smaller, more agile arrangements.

At the same time, we were implementing a new control room solution alongside a mobile data vehicle platform, both hosted within Crown Hosting Data Centres (CHDC), a joint venture between the Cabinet Office and Ark dedicated to serving the public sector.

We also needed to bring together 35 NHS trust sites into one unified environment. What quickly became clear was that none of this could succeed without a highly resilient, carefully managed national network.

At that point, we did not have a Network Operations Centre (NOC) in place.

We needed not just the infrastructure, but a partner capable of building a resilient network across dual data centres and 35 geographically dispersed ambulance trusts.

That was the beginning of our engagement with Vysiion, a partner to help us design, deploy and manage a national network from the ground up.

Creating a highly resilient foundation

Today, we operate a highly resilient network spanning two data centres, both capable of supporting mission-critical applications for ambulance services nationwide.

The architecture enables continuous availability of our core systems, ensuring that mobilisation and communications services remain operational 24/7.

This is not simply about connecting sites.

It’s about ensuring that applications communicate seamlessly within and between data centres, that our 35 NHS Trust locations can reliably access national systems, and that everything is monitored, maintained, patched and protected against threat.

Resilience has two dimensions: technical and operational. Technically, the dual data centre design ensures redundancy.

Operationally, the presence of a dedicated NOC and evolving managed services model means that incidents are identified and responded to quickly.

We deliberately embedded this support capability from Vysiion before going live with our core applications, ensuring we had stable security from day one.

Security as a continuous discipline

For a national ambulance solution, security is inseparable from resilience. The introduction of DDoS protection has been critical in safeguarding our external communications services.

Without that protection, we would be significantly more exposed to internet-based threats. But security is not just about deploying appliances; it is about responsiveness.

One of the strongest aspects of our partnership has been the speed at which vulnerabilities are identified and addressed.

In some cases, we’ve been alerted to critical issues before national notifications reached us.

When a serious vulnerability emerges, it disrupts everything else. The priority becomes testing, validating and implementing fixes safely and methodically.

During the implementation process and beyond, we test thoroughly.

Experience has taught us that even well-intentioned patches can introduce instability. In a blue light environment, stability is paramount.

The addition of cyber security operations capabilities provided by Exponential-e has further strengthened our position. Few comparable organisations operate with this level of integrated national oversight.

For us, the risk profile of a national mobilisation platform demands it.

Learning through change

If there is one constant throughout this transformation project, it has been change.

We initially believed that after a few years, the rate of transformation might slow. It did not.

As requirements expanded, services grew – from core networking into wider infrastructure, switching, and cyber services.

Some of that growth reflected our own maturity; some resulted from consolidating responsibilities that were previously fragmented across multiple suppliers.

Early on, we had too much segregation. Over time, bringing greater coherence under one trusted partner improved clarity, accountability and operational effectiveness.

Mistakes happen in complex environments. The measure of a partnership is not whether issues occur, but how they are handled.

We have focused heavily on process refinement – introducing “buddying” for critical changes, strengthening assurance steps, and improving monitoring.

Two people carrying out one change may not be faster but getting it right first time is far more efficient than remediation after failure.

Honesty and transparency have been essential. When issues occur, we address them openly, identify root causes, and adjust processes accordingly.

That culture of shared accountability underpins resilience just as much as any technical architecture.

Planning beyond technology

We are now entering another phase of transformation, modernising elements of the technology stack. But technology alone is not the objective.

Every investment must be framed in terms of business value: improved reliability, enhanced security posture, operational efficiency, or measurable risk reduction.

When engaging with our board, technical language alone is insufficient. What matters is articulating the problem being solved and the resilience gained.

That philosophy has shaped our broader lesson for others considering national or centralised models.

Do not simply procure a network or a product. Clearly define the business outcome you are trying to achieve.

Engage partners early, involve them in understanding application behaviours, the operational realities, and avoid being prescriptive, so that you can create better solutions.

Resilience is not something you buy off the shelf. It is designed, tested, refined, and strengthened over time.

A partnership built on shared responsibility

Looking back, ARP has grown together with its technology partners.

What began as a focused managed network service has evolved into a broader, integrated capability spanning networking, security and operational oversight.

For a national ambulance infrastructure provider, the stakes are high.

Vehicle mobilisation, voice communications, and crew safety depend on the continuous availability of our systems.

The resilience we have built is not serendipitous; it is the product of deliberate architecture, responsive security, operational maturity, and a partnership grounded in transparency.

In mission-critical environments, resilience is never finished. It is a discipline.

And it is delivered not just through technology, but through people, process and partnership, working in alignment toward a single goal: keeping essential services running when they are needed most.