| WF-NFR-18 | Security<br>Clinical safety | **Inactivity timeouts**<br>Portal systems must configure an inactivity timeout for both front-end and back-end services that is equal to or less than the NHS App inactivity timeout value (currently 10 minutes). At 9 minutes of inactivity the supplier service must warn the user that 1 minute remains in the session before they are logged out for inactivity.<br><br>When the session timeout occurs in the mobile version of the App, the user must be automatically directed back to the main NHS App login screen so they can log in again if needed.<br><br>When the session timeout occurs in a web browser, a timeout message, which has an instruction to close the window or tab, must be displayed. The user must be forced out of the service automatically when the session expires, in both the mobile app and the web browser. The inactivity popup warning and design must be triggered in the browser as per the prototypes provided.<br><br>Portal systems must handle cookies so that sessions are cleaned after the inactivity timeout expiry. For the front end, this includes the auto logout controls that protect the personal data persisting on the inactive page. | M |
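
The timing and cleanup rules in WF-NFR-18, expressed as an added JavaScript example that is not part of the requirement or of any NHS App or supplier code. The function names, the `portal_session` cookie name, the client labels and the rule that background polling does not count as activity are assumptions.

```javascript
// Added example; all identifiers are hypothetical, the timings come from WF-NFR-18.
const IDLE_LIMIT_MS = 10 * 60 * 1000; // NHS App inactivity timeout (currently 10 minutes)
const WARN_AT_MS = 9 * 60 * 1000;     // warn with 1 minute remaining

// Pure state function: the front end uses it to drive the warning popup,
// the back end uses it to reject requests, so both agree on the boundary.
function idleState(lastActivityMs, nowMs) {
  const idle = nowMs - lastActivityMs;
  if (idle >= IDLE_LIMIT_MS) return 'expired';
  if (idle >= WARN_AT_MS) return 'warning';
  return 'active';
}

// What the front end does on expiry, per client type (labels are assumed).
function expiryAction(client) {
  return client === 'nhs-app-mobile'
    ? { clearPage: true, next: 'redirect-to-nhs-app-login' }
    : { clearPage: true, next: 'show-timeout-message-close-tab' };
}

// Back-end enforcement. `sessions` is a Map of sessionId -> { lastActivityMs }.
// Assumption: background polling (userInitiated === false) must not count as
// activity, otherwise an open, unattended page never times out.
function authorize(sessions, sessionId, nowMs, userInitiated = true) {
  const session = sessions.get(sessionId);
  if (!session || idleState(session.lastActivityMs, nowMs) === 'expired') {
    sessions.delete(sessionId); // clean server-side state
    return {
      allowed: false,
      // Expire the cookie in the browser (cookie name is a placeholder).
      setCookie: 'portal_session=; Max-Age=0; Path=/; Secure; HttpOnly',
    };
  }
  if (userInitiated) session.lastActivityMs = nowMs; // sliding window
  return { allowed: true, setCookie: null };
}

// Constructed walk-through: one session, clock expressed in minutes.
function demo() {
  const min = 60 * 1000;
  const sessions = new Map([['s1', { lastActivityMs: 0 }]]);
  const poll = authorize(sessions, 's1', 8 * min, false).allowed; // does not extend
  const state = idleState(sessions.get('s1').lastActivityMs, 9 * min);
  const late = authorize(sessions, 's1', 10 * min);
  return { poll, state, late, remaining: sessions.size };
}
```

The clearing `Set-Cookie` only removes the cookie if its `Path` (and `Domain`, when set) match the values used when the session cookie was issued.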