THE ELECTRONIC STAFF RECORD PROJECT
NATIONAL HEALTH SERVICE ESR INTERFACE TO UIM IMPLEMENTATION APPROACH GUIDE Information Classification: ESR User Base Author:
Creation Date: 14 July 2010 Last Updated: 8 October 2010 Document Ref: ESR-RPP0005 ESR Interface to UIM Implementation Approach Guide Version:
Paul Spooner Title: ESR Director of Operations Chris Price Title: RPP Implementation Manager
Page 1 of 30
1. Document Control
1.1. Change Record
Date | Author | Version | Change Reference
14 July 10 | Chris Price | 0.1 | First draft
21 July 10 | Chris Price | 0.2 | Updated following initial review
6 September 10 | Chris Price | 0.3 | Updated following review
5 October 10 | Chris Price | 0.4 | Updated following formal review
8 October 10 | Chris Price | 1.0 | Final version.
1.2. Reviewers Name
ESR Design Team Lead
ESR Head of Design
ESR Director of Operations
NHS ESR Data Analysis Manager
1.3. Distribution Copy No.
Project Library Project Manager
2. Contents
1. Document Control
   1.1. Change Record
   1.2. Reviewers
   1.3. Distribution
2. Contents
3. Introduction
   3.1. Readership
   3.2. Purpose
   3.3. Background
   3.4. What does the ESR interface to UIM enable?
   3.5. Reference documentation and other information sources
   3.6. Key Terminology
4. Implementation Overview
5. Step 1 – Establish the project
6. Step 2 – Ensure all pre-requisites are complete
7. Step 3 – Prepare for implementation
   7.1. Deciding when to activate the interface (Step 3a)
   7.2. Requesting interface activation (Step 3b)
   7.3. Defining how ESR will link to UIM (Step 3c)
      7.3.1. Positions mapping and linking
      7.3.2. Worklist mapping
      7.3.3. RA Sponsors mapping
      7.3.4. Identify and map NACS
   7.4. Define a deployment strategy (Step 3d)
   7.5. Training and solution integration (Step 3e)
   7.6. Baseline Current Processes via the Benefits Matrix (Step 3f)
   7.7. Key Considerations (Step 3g)
      7.7.1. Determining who should use the RA functionality in ESR
      7.7.2. Multiple assignment (job) holders
      7.7.3. Management of temporary staff
      7.7.4. Workstructures assessment
      7.7.5. Pay cut off periods
      7.7.6. Employee Matching and Linking
      7.7.7. Maintaining the position mappings and links
      7.7.8. Considerations for ESR Access following interface activation
      7.7.9. Management of Identity Checks in ESR
8. Step 4 – Implementation
   8.1. UIM set-up tasks (Step 4a)
   8.2. ESR set-up tasks required prior to interface activation (Step 4b)
   8.3. Activate the ESR interface to UIM (Step 4c)
   8.4. ESR set up tasks required post interface activation and deployment (Step 4d)
9. Step 5 – Post implementation review and assessment
Appendix 1 – Key terminology
Appendix 2 – ESR interface to UIM functionality table
Appendix 3 – Mapping ESR positions to NHS CRS Access Control Positions
Appendix 4 – Integrated Identity Management project team roles and responsibilities
3. Introduction

3.1. Readership
This guide is aimed at Project Managers, Implementation Managers, ESR and RA Leads responsible for the delivery of HR, RA and ESR within an organisation who need to understand how to deploy the ESR interface to User Identity Manager (UIM).

3.2. Purpose
The purpose of this document is to provide implementation guidance to those organisations that have decided to deploy the interface between ESR and the User Identity Manager (UIM) registration software. It is assumed that the interface is being adopted as part of an organisation’s approach to Integrated Identity Management (see ‘Developing a Strategy for Integrated Identity Management’). This document provides details of the activities required to activate the interface along with important implementation considerations. The quick reference guide to activating the ESR interface to UIM provides a step-by-step guide to the technical activities required to activate the interface. It is recommended that organisations are familiar with this document, and the quick reference guide, prior to the activation of the ESR interface to UIM.

3.3. Background
The ESR interface to UIM is applicable to those organisations that have chosen to deploy the interface as part of their strategy for Integrated Identity Management (see the ‘Developing a Strategy for Integrated Identity Management’). The deployment of the interface requires other components of the Integrated Identity Management initiative to have been completed before implementation commences. These are:
• Strategic decision regarding choice of implementation model based on ‘Developing a Strategy for Integrated Identity Management’.
• Position Based Access Control (PBAC) including the mapping of ESR positions to NHS CRS Access Control Positions – A minimum of one Access Control Position must be defined and mapped to a corresponding ESR position.
• Smartcard enabled access for core ESR users (i.e. all ESR users with the exception of those with access only to NLMS and Employee Self Service).
Organisations should also have an awareness of the activities outlined within the HR/RA Process Integration toolkit, although the completion of these activities is not compulsory for the activation of the interface.

3.4. What does the ESR interface to UIM enable?
The activation of the ESR interface to UIM completes the deployment of the Integrated Identity Management (IIM) initiative. The interface, utilising mappings between ESR positions and NHS CRS Access Control Positions as defined in UIM, automatically updates an individual’s access rights to NHS Care Records Service (NHS CRS) systems when a change is made to that individual in ESR.
3.5. Reference documentation and other information sources
The following table lists documentation referenced within this guide and other sources of relevant information. Each entry gives the title followed by its purpose.
• ESR-RPP0005 ESR interface to UIM implementation approach guide: Provides guidance regarding the implementation of the ESR interface to UIM.
• ESR-RPP0006 A quick reference guide to activating the ESR interface to UIM: Provides an overview of the technical steps required to activate the ESR interface to UIM.
• ESR-RPP0007 ESR set up pre-interface activation quick reference guide: Provides instructions regarding the ESR set-up activities that must be completed no later than 2 weeks prior to the activation of the ESR interface to UIM.
• ESR-RPP0008 ESR set up post interface activation quick reference guide: Provides instructions regarding the ESR set-up activities that must be completed as soon as possible following the activation of the ESR interface to UIM.
• M-3980 NHS CRS to ESR data matching user guidance: Data match/cleanse/load procedure to match employee records in ESR to existing NHS CRS records.
• ESR online user manual: The standard ESR user manual covering all aspects of using the ESR solution including the new interface and RA functionality.
• ESR e-Learning Captivates: E-learning tools covering the end to end processes between ESR and UIM.
• ESR Integrated Identity Management website: All user documentation regarding the ESR interface to UIM is available via the ESR website http://www.esrsolution.co.uk/iim/
• UIM Implementation Guide (Link accessible via N3): Provides instructions regarding the UIM set-up activities that must be completed no later than 2 weeks prior to the ESR set-up activities being undertaken.
• Developing a strategy for Integrated Management (Link accessible via N3): Provides the structure to key decisions that need to be made by NHS organisations to realise the benefits of Integrated Identity Management.
• HR/RA Process Integration toolkit (Link accessible via N3): Helps NHS organisations move towards the integration of business processes between Human Resources and RAs, or between RAs and other identity capture processes.
• Position Based Access Control (PBAC) Toolkit (Link accessible via N3): Describes how to simplify the assignment of access rights to the NHS CRS.
• NHS CfH Integrated Identity Management website (Link accessible via N3): All user documentation for UIM is on the NHS CFH NWW web site.
3.6. Key Terminology
It is essential that any reader of this guide understands the key technical terms and acronyms that are referenced throughout. Please refer to Appendix 1 for key terms relating to the technical solutions. In addition the following concepts are used in this guide:
• Linking. A link means creating a connection between types of information stored in ESR with equivalents in UIM. For example, an ESR position will be linked to an NHS CRS Access Control Position in UIM when an ESR user selects an NHS CRS Access Control Position from a list of values to link it to the ESR position.
• Mapping. A mapping defines the relationship between types of information that will be or are stored in ESR with equivalents that will be or are stored in UIM. This is a precursor activity to ‘linking’. For instance the mapping of ESR positions to NHS CRS Access Control Positions can be done using reports or spreadsheets showing all ESR positions and for each entering the equivalent NHS CRS Access Control Position. Such mappings must be agreed and signed off and used when performing linking.
ESR-RPP0005_ESR_Interface_to_UIM_Implementation_Approach_Guide_v1.0.doc
4. Implementation Overview
This section of the guide outlines the overall approach to the deployment of the ESR interface to UIM.

Step 1 – Establish the project
It is recommended that organisations establish a formal project with a Project Manager/Lead, governance arrangements, sponsorship and a project team. Organisations will need to ensure that sufficient resources are in place to support the deployment of the ESR interface to UIM and the roles are defined for a Project Manager/lead and team members.

Step 2 – Ensure all pre-requisite activities are complete
The following pre-requisites must be completed prior to the deployment of the ESR interface to UIM:
• Strategic Decision Making regarding choice of implementation model;
• Smartcard enabled access for core ESR users (i.e. all ESR users with the exception of those with access only to NLMS and Employee Self Service);
• Position Based Access Control – A minimum of one NHS CRS Access Control Position must be defined and mapped to a corresponding ESR position;
• Ensure that all UUIDs have been populated in ESR where required.
Organisations should also have an awareness of the activities outlined within the HR/RA process integration toolkit, although the completion of these activities is not compulsory for the activation of the ESR interface to UIM.

Step 3 – Prepare for implementation
Preparation activities include:
a) Deciding when to activate the interface;
b) Requesting interface activation;
c) Defining how employee, positions and other data in ESR will map to equivalents in UIM;
d) Determine how the solution will be rolled out across the organisation;
e) Determine how users will be trained on the solution and integration with business processes;
f) Baseline current processes using the benefits matrix;
g) Key considerations and decision making:
   • Payroll cut off periods (ensuring this is kept to a minimum; circa 2 days);
   • How temporary staff are managed;
   • Whether there are employees with more than one job role (assignments);
   • Maintenance of position mappings ongoing;
   • Considerations for ESR Access following interface activation;
   • Management of identity checks in ESR.

Step 4 – Implementation
Implementation activities include:
a) UIM set up tasks;
b) ESR set up tasks required prior to interface activation;
c) Activate the ESR interface to UIM;
d) ESR set up tasks required post interface activation and deployment.

Step 5 – Post Implementation Review and Assessment
Following implementation organisations should assess the project by conducting a post implementation review. This will assess the qualitative and quantitative benefits that have been achieved through a ‘before’ and ‘after’ comparison.
5. Step 1 – Establish the project
It is recommended that organisations set up a project to implement the ESR interface to UIM. The key steps to do this are:

1. Engage with ESR Regional RPP Project Managers
The ESR Regional RPP Project Managers are able to provide advice and guidance regarding the set up of the local project team. Please click here for contact details.

2. Gain trust board support and nominate an executive sponsor
Support from the board (or a project / programme board) is one of the key success factors in any project of this nature, especially within an NHS organisation where any number of initiatives and change projects may be competing for the same resource pool. In order to secure resources, enable the project to be prioritised and ensure that all stakeholders support the project it will be necessary to nominate a senior executive manager to provide sponsorship.
The key benefits to organisations implementing an Integrated Identity Management strategy are summarised below:
• Adherence to the new Informatics Guidance, published alongside the NHS Operating Framework 2010/11. The guidance requires organisations to develop Action Plans to utilise the User Identity Manager (UIM) and Electronic Staff Record (ESR) Interface – to support compliance with the NHS Employment Check Standards and achieve the associated productivity;
• Improved information governance of both patient and staff data;
• Cost savings and efficiency gains;
• More robust control of who has access to the NHS Care Records Service applications;
• More streamlined employment pathway (e.g. by means of single point of identity checks; immediate grant and revocation of access following changes to job etc).
Benefits relating specifically to the use of the ESR interface to UIM include:
• Productive time savings;
• Ensuring that the right access is granted to the right people based on the job that they do;
• Improved data quality;
• Improvements in information governance and data security, by reduction of time taken to grant and revoke access to patient data;
• Reduction in duplication of information by means of a single point of data entry for personal details and identity information;
• Comprehensive and easily accessible audit trail.
The above information may be used to prepare a business case or justification in order to obtain board support.

3. Project Initiation
• Set up a steering group to oversee the project and provide executive support;
• Define and allocate resources including a Project Manager / Lead and a project team (see Appendix 4 for suggestions);
• Establish project governance arrangements;
• Draft and approve a Project Initiation Document (PID), a template PID is available here;
• Produce project plan (a generic task list is available here);
• Conduct a Project Kick off meeting.
6. Step 2 – Ensure all pre-requisites are complete
The deployment of the ESR interface to UIM requires the following pre-requisites to have been completed:

Pre-Requisite: Strategic decision regarding choice of implementation model based on the ‘Developing a Strategy for Integrated Identity Management’
Reason / Outcome: It is assumed that organisations reading this guidance have decided to adopt the interface as part of their approach to integrated identity management (see ‘Developing a Strategy for Integrated Identity Management’). The Strategic decision should be formally communicated to the NHS ESR Regional RPP Project Manager.

Pre-Requisite: Smartcard enabled access to ESR for core users
Reason / Outcome: All NHS organisations within England are moving to NHS CRS Smartcard facilitated ESR access as part of the drive to improve information governance for all personal identifiable data held by the NHS. The transition to Smartcard enabled ESR access ensures staff data is secured to the same level as patient data and provides ESR users with the e-GIF level 3 security clearance in order to effect changes on NHS CRS via the ESR interface to UIM.
The NHS ESR Data Team has been working closely with organisations to remove username and password access to ESR user accounts (a process known as URP lockdown). As a prerequisite to the activation of the ESR interface to UIM all ESR User Responsibility Profiles (URPs) must be locked down with the exception of the NLMS (National Learning Management System) and Employee Self Service URPs. Click here for further details regarding the ESR Smartcard enablement project.
Any questions regarding the Smartcard enablement of ESR users should be directed to firstname.lastname@example.org.

Pre-Requisite: Position Based Access Control (PBAC) – based on the PBAC toolkit. A minimum of one Access Control Position must be defined and mapped to a corresponding ESR position prior to activating the ESR interface to UIM.
Reason / Outcome: Using the Position Based Access Control (PBAC) methodology (as explained in the PBAC toolkit) enables organisations to define a number of NHS CRS Access Control Positions which can be subsequently set up in UIM. These NHS CRS Access Control Positions define the access rights to NHS CRS applications needed by staff to do their job.
In order for the interface to operate, the definition and relationship between ESR positions and NHS CRS Access Control Positions needs to be established. The mapping between NHS CRS Access Control Positions and ESR positions needs to be defined as part of the PBAC work so that it is clear which jobs, as defined by ESR positions, relate to which NHS CRS access rights. This mapping needs to be formally approved and signed off before the implementation of the interface commences.
It is anticipated that organisations will have completed PBAC (including the mapping of ESR positions to NHS CRS Positions) prior to the implementation of UIM. It is however possible for organisations to activate the interface with a minimum of one Access Control Position mapped to a corresponding ESR position. This will allow the Access Control Position(s) to be downloaded to ESR and then linked to the appropriate ESR Position(s) as part of the implementation. Further NHS CRS Access Control Positions can be created in UIM if required, and then downloaded into ESR allowing for a progressive rollout of the interface functionality within an organisation.
Pre-Requisite: UUID Data Load and data cleansing
Reason / Outcome: Organisations deploying the ESR interface to UIM will have a number of employees in ESR who have, or will need to have, access to NHS CRS applications. These employees will already have, or need to have, a record on the Spine User Directory (SUD). For the ESR interface to function, the employee records in ESR will need to be matched and then linked to their equivalent records in the SUD. The actual link between the two systems at employee level is achieved by adding the Unique User Identifier (UUID) from the SUD record into the ESR employee record.
Organisations requesting activation of the ESR interface to UIM will be offered a free data load service by the NHS ESR Data Team. This will facilitate the loading of the UUID and e-GIF flag into ESR, for all matching records between ESR and NHS CRS. The data load will ensure that all ESR person records are linked to the appropriate record on NHS CRS prior to the activation of the interface.
The data load will utilise a similar procedure as that used for loading the UUIDs of ESR users during the ESR Smartcard enablement programme. A data extract will be taken from both ESR and NHS CRS and run through a data matching tool. This will produce a report of records that can be successfully matched between ESR and NHS CRS. A successful match will require the NI Number, Surname and Forename to be the same in both ESR and NHS CRS. The NHS CRS UUID and e-GIF flag for matching records will then be loaded into ESR on the agreed load date. Records that cannot be successfully matched between ESR and NHS CRS will not be loaded into ESR.
Prior to the data load taking place organisations will be provided with data matching reports detailing any data cleansing that may be required on either NHS CRS or ESR. The records must be cleansed in advance of the data load in order for the UUIDs to be loaded into ESR. Further details regarding data matching are available within the M-3980 NHS CRS to ESR data matching user guidance.
Important Note: UUID Data loads can only be provided by the NHS ESR Data Team prior to the activation of the interface. Following the activation of the interface organisations will need to use the person lookup functionality to manually assign UUIDs to ESR person records (for those records where the UUID has not been loaded into ESR).
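The matching rule described above can be rehearsed locally before the agreed load date. The following is an added example, not the NHS ESR Data Team's matching tool: it applies the stated rule (NI Number, Surname and Forename the same in both extracts) to two constructed extracts and separates records that could be loaded from records needing cleansing. The column names, the exact comparison after trimming whitespace, and the treatment of more than one matching NHS CRS record as a cleansing item are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample extracts. Column names are assumptions for this example;
# the real extract layouts are described in the M-3980 guidance, not here.
ESR_EXTRACT = """\
employee_number,ni_number,surname,forename
1001,QQ123456A,Patel,Asha
1002,QQ234567B,O'Neil,Sean
1003,QQ345678C,Smith,Jon
1004,QQ456789D,Jones,Megan
1005,,Brown,Tom
"""

CRS_EXTRACT = """\
uuid,ni_number,surname,forename,egif
555000000001,QQ123456A,Patel,Asha,Y
555000000002,QQ234567B,O'Neill,Sean,Y
555000000003,QQ345678C,Smith,Jon,N
555000000004,QQ345678C,Smith,Jon,Y
"""

# Reasons reported for records that will not be loaded.
MISSING_NI = "ESR record has no NI Number"
NO_CRS_RECORD = "no NHS CRS record with this NI Number"
NAME_DIFFERS = "NI Number matches but Surname/Forename differ"
AMBIGUOUS = "more than one NHS CRS record matches"


def read_extract(text):
    """Parse a CSV extract into dicts, trimming surrounding whitespace."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k: (v or "").strip() for k, v in row.items()} for row in reader]


def match_extracts(esr_rows, crs_rows):
    """Return (to_load, to_cleanse).

    to_load    : ESR records with exactly one NHS CRS record whose NI Number,
                 Surname and Forename are all the same; carries UUID and e-GIF flag.
    to_cleanse : (employee_number, reason) for every record that would not load.
    """
    crs_by_ni = defaultdict(list)
    for crs in crs_rows:
        if crs["ni_number"]:
            crs_by_ni[crs["ni_number"]].append(crs)

    to_load, to_cleanse = [], []
    for esr in esr_rows:
        emp = esr["employee_number"]
        if not esr["ni_number"]:
            to_cleanse.append((emp, MISSING_NI))
            continue
        candidates = crs_by_ni.get(esr["ni_number"], [])
        exact = [c for c in candidates
                 if (c["surname"], c["forename"]) == (esr["surname"], esr["forename"])]
        if len(exact) == 1:
            to_load.append({"employee_number": emp,
                            "uuid": exact[0]["uuid"],
                            "egif": exact[0]["egif"]})
        elif len(exact) > 1:
            # Assumption: an identity that resolves to two UUIDs is never loaded.
            to_cleanse.append((emp, AMBIGUOUS))
        elif candidates:
            to_cleanse.append((emp, NAME_DIFFERS))
        else:
            to_cleanse.append((emp, NO_CRS_RECORD))
    return to_load, to_cleanse


def run_sample():
    """Match the two constructed extracts above."""
    return match_extracts(read_extract(ESR_EXTRACT), read_extract(CRS_EXTRACT))


if __name__ == "__main__":
    load, cleanse = run_sample()
    for rec in load:
        print("LOAD   ", rec)
    for emp, reason in cleanse:
        print("CLEANSE", emp, "-", reason)
```

A record listed with "no NHS CRS record" is not necessarily an error, since not every ESR employee needs NHS CRS access; the other three reasons are the ones to resolve before the load.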
Organisations should also have an awareness of the activities outlined within the HR/RA Process Integration toolkit prior to the activation of the interface. However, the completion of these activities is NOT compulsory for the activation of the ESR interface to UIM.
7. Step 3 – Prepare for implementation
In order to implement the ESR interface to UIM it will be necessary to conduct a number of preparation steps. This involves understanding the functionality in both ESR and UIM and how the interface will operate; defining the links between the two systems and decision making regarding a number of key factors which are given below.
7.1. Deciding when to activate the interface (Step 3a)
There are two broad approaches that may be adopted by organisations wishing to implement the ESR interface to UIM:
i) Implementing UIM and the ESR interface to UIM in parallel, as one integrated project; or
ii) Implementing UIM alone with the implementation of the interface at a later date.

The advantages of implementing UIM and the interface in parallel, as one integrated project are:
• Organisations will realise the benefits of the interface sooner (resulting in improved information governance, data integrity, cost savings, immediate removal of access to clinical systems for leavers);
• Minimal data set up on UIM as people will not need to be linked individually to Access Control Positions;
• ESR workstructures will be considered at the time the NHS CRS Access Control Positions are defined, thus reducing the risk of rework;
• Organisations can use ESR to facilitate the issuing of Smartcards;
• ESR Implementation support will be available at the time the interface is implemented;
• The ESR interface functionality may inform changes to HR/RA process integration reducing the need for process re-work in the future.

The disadvantages of not implementing UIM and the interface in parallel, as one integrated project are:
• Organisations will take longer to realise the benefits of the interface between ESR and UIM (improved information governance, cost savings, immediate removal of access to clinical systems for leavers);
• Extensive data set up will be required in UIM, which will be redundant post activation of the interface. Employee records will need to be linked individually to NHS CRS Access Control Positions in UIM. This is redundant work once the interface is deployed as the employees will be linked via their positions in ESR;
• NHS CRS Access Control Positions may need to be reworked if ESR is not considered at the time UIM is implemented;
• Dual data entry for new smartcards. Organisations will be unable to utilise the HR data available in ESR to facilitate the issuing of Smartcards;
• ESR Implementation support may not be available at the time the interface is implemented.

The advantages of implementing UIM alone, with the implementation of the interface at a later date are:
• UIM implementation costs are low, and its benefits represent ‘low hanging fruit’, as governance benefits can be delivered early;
• Implementation can be achieved well in advance of the Calendra shut off;
• Ability to manage change in a less complex and phased manner;
• Positions managing positions can be deployed early (which is less likely to be involved in deployment of the Interface); managing as it does short term access issues for non employees;
• Will deal with the uncertainty of PCTs in particular with implementing a solution based on current staff configurations and organisational structures.

The disadvantages of not implementing UIM alone, with the implementation of the interface at a later date are:
• Slow adoption of the new technology and adoption of its benefits;
• Calendra cut off date represents an organisational risk.
7.2. Requesting interface activation (Step 3b)
Further information regarding the availability of interface activation dates and data load slots is available here. The ESR Regional RPP Project Managers are able to provide further advice and guidance regarding the implementation activities.
To request an interface activation date organisations should e-mail email@example.com with the following information:
• Organisation name (including the ESR VPD if known);
• Required interface activation date;
• Confirmation that a data load is required.
The NHS ESR Data Team will then confirm allocation to a go-live date and data load.
Note: The interface activation dates and data loads are subject to availability. Allocation will be on a strictly first come first served basis.
7.3. Defining how ESR will link to UIM (Step 3c)
There are three key links between data in ESR and UIM:
1. ESR positions mapped to UIM NHS CRS Access Control Positions;
2. ESR organisational units in workstructures matched to worklists in UIM;
3. Defining Sponsor(s) and mapping these to the ESR workstructures hierarchy;
4. Identify NACS (National Administrative Codes Service) code(s) and map this to the ESR workstructures hierarchy.
Each of the links is considered in the following sections.
7.3.1. Positions mapping and linking
The key to driving access control from ESR via the interface to UIM is the linking of positions in ESR to NHS CRS Access Control Positions in UIM.

Defining NHS CRS Access Control Positions
Using the Position Based Access Control (PBAC) methodology, as explained in the PBAC toolkit, will enable organisations to define a number of NHS CRS Access Control Positions which can be subsequently set up in UIM. These NHS CRS Access Control Positions define the access rights to NHS CRS applications needed by staff to do their job.

Understanding ESR positions
An ESR position identifies the post/job that exists within each organisational unit as defined in the workstructures in ESR. Positions are defined with certain default information such as grade and staff group which are inherited as defaults when an employee is attached to a position via their assignment. Depending on the size of the organisation there may be hundreds or thousands of positions in ESR because they cover the full range of jobs performed in each of the departments within an organisation.

Mapping the positions
For the ESR interface to work, the ESR positions need to be mapped to the UIM positions. It is expected that several ESR positions will map to the same Access Control Position in UIM. A number of positions in ESR will have no need to access NHS CRS systems and therefore mapping will not apply (for example, Estates staff). Conversely there may be certain NHS CRS Access Control Positions which have no match in ESR because they relate to non-employed staff. Examples include Pharmacists and GPs for PCTs and students, locums and consultants for acute trusts.
It is suggested that the mapping is done using a spreadsheet created from the ESR organisation positions analysis report that shows all the positions in ESR. By grouping the positions by job role, staff group, occupation code etc. it should then be possible to map an Access Control Position to each group of ESR positions. The Access Control Position related to each ESR position can then be entered as an extra column in the spreadsheet. Please note that only one Access Control Position can be linked to each ESR position.
• Note that the mapping exercise may suggest changes to your local ESR workstructures set up.
• See Appendix 3 for an example of how positions map between ESR and UIM.

Approving the mapping
Once the mapping table has been completed, it must be reviewed by those locally responsible for Information Governance to ensure that it accurately defines the requirements for access to NHS CRS systems for each ESR position. Finally, a senior person within Information Governance and/or HR must sign off the mapping. This sign-off is essential to ensure that there is sufficient audit and accountability for the automated inheritance of access rights that will be driven via the interface between ESR and UIM.
Organisations must have defined a minimum of one Access Control Position which has been mapped to a corresponding ESR position(s) prior to the activation of the ESR interface to UIM.
Following the activation of the interface, the NHS CRS Access Control Positions will need to be created in UIM, downloaded to ESR and then manually linked to appropriate ESR position(s) in accordance with the formally agreed mappings. Further details regarding this activity are provided within the implementation section of this guidance.

Why is position linking done manually in ESR?

It is necessary for the workstructures administrator to manually link each appropriate ESR position to its mapped equivalent Access Control position in UIM following the activation of the interface. It is appreciated that some organisations may have a considerable number of positions to link and that this will be a time consuming exercise. This position linking needs to be completed manually for the following reasons:

1. Position by position linking allows organisations to manage deployment in a controlled and staged manner;
2. Position by position linking reduces the likelihood of error as it only impacts those users assigned to each position at a time. A check can be performed for each group of users to ensure that the correct access has been granted after each link is carried out, making support and deployment more manageable;
3. If an upload were to be performed, it would have to be based on a pre-agreed mapping table and the set up and definition of the NHS CRS Access Control Positions. If there were any inaccuracies in either it could result in users either losing approved access or gaining unapproved access. This would in turn lead to local issues to discover, manage and rectify those errors. This is seen as an unacceptable risk.
7.3.2. Worklist mapping

Worklists, or lists of actions to be addressed, are how users of UIM manage all types of transactional processing related to the granting and revocation of access for users of NHS CRS applications.

• Worklist actions can be performed by RA Managers, Agents and Sponsors.
• All interface transactions from ESR which update UIM are managed via worklists.
• Some actions will automatically update data in UIM, others will stay on the worklist for granting or for further action (e.g. create new users or approval for a change of name).
• Determine whether one or more worklists are required based on whether more than one organisation is supported, whether Sponsors have particular areas of responsibility (e.g. surgery or medicine); whether there is an RA function at different sites; whether RA Agents have specific responsibilities (e.g. clinical worklist, SUS worklist etc).

Note: It is recommended that organisations start with one worklist and add others as required post implementation. It will then be possible to map the worklists to the equivalent organisational units in the workstructures hierarchy in ESR.
Prior to the activation of the interface the required worklists will need to be created in UIM, downloaded to ESR and then attached to the appropriate level in the ESR workstructures hierarchy (as per the agreed mappings). Further details regarding this activity are provided within the implementation section of this guidance.
7.3.3. RA Sponsors mapping

A sponsor from a Registration Authority perspective is an individual nominated by the organisation executive to approve changes in NHS CRS relating to access to applications for end users. These may be line managers for a group of staff. A number of different sponsor functions can be defined in UIM. The sponsor roles that will relate to ESR are ‘B1300 - Approve RA Requests’, B0002 ‘Approve RA Requests (Sponsorship Rights)’ and B0272 ‘Approve RA Requests (Advanced)’. These are the equivalents to the existing sponsor role used to approve requests to grant access for users to NHS CRS applications.

As part of the implementation of UIM, organisations will need to determine who the Sponsors will be. Once this has been determined, the Sponsors will need to be mapped to the equivalent employee record in ESR, as applicable:

• Some Sponsors may be external to the organisation. In this case they will still need an ESR employee record and a relevant person type such as ‘Honorary’;
• It is assumed that the NHS CRS users, for whom the sponsor is approving, are also on ESR with an employee record.
Prior to the activation of the interface the required Sponsor(s) will need to be set-up in ESR and then attached to the appropriate level in the ESR workstructures hierarchy (as per the agreed mappings). Further details regarding this activity are provided within the implementation section of this guidance.
7.3.4. Identify and map NACS

The NACS code is used to differentiate organisations within NHS CRS. This may or may not have a one to one relationship to an ESR VPD. It is therefore necessary to map the NACS code to the correct level in the organisational hierarchy in workstructures. Note this should already have been completed as part of the move of ESR to NHS CRS Smartcard access but should be confirmed prior to interface activation.
7.4. Define a deployment strategy (Step 3d)

It is anticipated that a number of organisations will have completed the definition and mapping of all NHS CRS Access Control Positions to ESR positions prior to the implementation of UIM. For organisations that adopt this approach, there are two broad ways in which the interface functionality can be deployed across the organisation (post interface activation):

a) ‘Big Bang’ Approach

Following the activation of the interface, all relevant ESR positions can be linked to their mapped NHS CRS Access Control Positions. As soon as the links are made ESR will take control of the access for employees who have successfully had their UUID loaded and the eGIF flag set ‘Y’, confirming that their identity checks are complete. Resources will need to be provided in the immediate period following activation of the interface to provide support to end users. This is in order to highlight and correct any discrepancies as soon as they arise and ensure that no loss of required and agreed access occurs. Where users report access rights that differ from those they had previously, or from those they were expecting, the definition of the NHS CRS Access Control Positions on UIM and the mapping of these to the ESR positions should be checked first. If these are correct as per agreements then it must be explained to the user why their access has changed.

b) Phased Approach

A phased approach can be taken by breaking down the user base into groups. Grouping can be either organisational by departments or staff groups or by users of specific NHS CRS compliant systems. Organisations will need to define in advance which group goes live at what date and adjust training and support strategies to suit. Even if the phased approach is adopted organisations must consider the implications for multiple assignment holders.
Organisations that have not fully completed PBAC prior to implementing UIM can still activate the interface in parallel as long as a minimum of one Access Control Position has been mapped to a corresponding ESR position. This will allow for the progressive deployment of the interface across the organisation as and when further NHS CRS Access Control Positions are mapped and then linked to ESR positions.
7.5. Training and solution integration (Step 3e)

All users of the ESR interface functionality will need to receive some form of training on the solution. A range of materials has been supplied by the NHS ESR Central Team to assist with training of users. These consist of:

1. ESR Online User Manual
The existing user manual has been updated in line with the changes introduced into ESR relating to the interface functionality. The online user manual is available to all NHS organisations.

2. ESR interface to UIM e-learning courses
A series of e-learning courses using ‘captivate’ sessions have been created by the NHS Team covering all of the business process scenarios relating to the ESR interface to UIM. These captivate sessions step users through the screens and allow them to practice as they progress through the course.

NHS Connecting for Health has also provided guidance material in relation to UIM functionality, which can be accessed via http://nww.connectingforhealth.nhs.uk/iim

The introduction of both UIM and the ESR interface will necessitate a review of working practice to ensure that the benefits of using the new functionality are achieved. The training materials should therefore be used to inform the integration of the technical solutions with business processes in advance of implementation. The technical solution may also inform the integration of HR/RA processes to provide further benefit (refer to the HR/RA integration toolkit for further guidance).
7.6. Baseline Current Processes via the Benefits Matrix (Step 3f)

It is recommended that organisations assess the current processes that will be impacted by the move to the ESR interface prior to the project commencing. Examples include: how long does it take to enter starter information along with their identity checks into both ESR and NHS CRS or how long does it take from a new starter arriving at work before they are granted access via NHS CRS to the systems needed to do their job. These baseline timings can then be compared to the situation after implementation to assess the time and cost savings and therefore the value and effectiveness of the project.

A benefits assessment matrix is available via http://www.esrsolution.co.uk/iim/ and should be used to baseline the current position in terms of time and costs involved in managing current working practices so that this can be compared to the position following project completion.
7.7. Key Considerations (Step 3g)

7.7.1. Determining who should use the RA functionality in ESR

The RA functionality in ESR falls into either the new RA URPs or the Workstructures Administration URP (see Appendix 2 for further details). Users of the new RA URPs must be RA Managers or Agents. The allocation of these URPs to ESR users will very much depend on an organisation's progress in relation to HR/RA process integration. If the role of the RA Agent has been merged with that of HR then it will be appropriate for one of the ‘HR with RA’ URPs to be allocated. If, however, organisations have determined that the role of the RA Agent performs no HR functions then the ‘RA Workbench’ URP can be allocated. This allows RA Agents to access ESR purely to manage NHS CRS lookups and identity checks only. In the case of external RA service provision the ‘RA Workbench’ URP will be the most appropriate to allocate.

The functionality to link NACS code, RA sponsor, worklists and positions is incorporated into the local Workstructures Administration URP and is therefore accessible to all users who have that URP allocated to their user profile in ESR. Position linking is a significant event in that it confers access rights automatically to all employees assigned to an ESR position. Organisations should therefore review all existing users of this URP to ensure that it is appropriate for them to perform this function. Additionally a procedure should be put in place that ensures that linking of positions cannot take place without a signed off mapping between the two types of positions (by a senior manager with responsibility for approving NHS CRS Access Control Positions i.e. with the activity code B0272 Approve RA Requests (Advanced)). As a result, the role of the workstructures administrator will now encompass RA and these users should receive the necessary training to become RA Agents.
7.7.2. Multiple assignment (job) holders

Special consideration needs to be given to those employees with multiple assigned ESR positions, where each position confers different access rights. It should be noted that it is only possible to link one Access Control Position to each ESR position at a time. As a result, when the first ESR position an employee holds is linked to an Access Control Position, ESR will take control of the user records in UIM, remove all pre-existing access rights defined in the SUD and grant those associated with the relevant newly linked Access Control Position. At this point these employees will not have access rights which are conferred by another position until such time as the other position(s) is / are linked in the same way.

Additionally any other employees with assignments to the position that has just been linked will have their access rights changed accordingly. Each of those employees may in turn have other assignments to further ESR positions with different links to NHS CRS Access Control Positions. As a result the act of linking one position may create a ripple effect or ‘Spiders Web’ across many different employees and their assignments.

It is therefore essential to know in advance who all the multiple assignment holders are in ESR so that the relevant links can be made immediately following each other to ensure no loss of access rights and to ensure that the consequences of each link are understood. In order to prepare for this a positions analysis report may be run from ESR showing all multiple assignment holders and their positions.
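The ripple effect described in this section can be worked out in advance from a list of assignments and the signed-off mapping. The following Python sketch is an added example, not part of ESR or UIM: it groups mapped positions into batches that should be linked immediately following each other and lists the employees who are missing rights while a batch is only partly linked. All employee numbers, position identifiers and Access Control Position names are constructed, and every sample employee is assumed to have a UUID loaded and the e-GIF flag set to ‘Y’.

```python
from collections import defaultdict

# Constructed sample data. Employee -> ESR positions held (one per assignment).
ASSIGNMENTS = {
    "E1": ["P100", "P200"],   # substantive post plus a bank post
    "E2": ["P200", "P300"],
    "E3": ["P300"],
    "E4": ["P400"],
    "E5": ["P500", "P600"],   # P600 needs no NHS CRS access
}
# Signed-off mapping: ESR position -> the single Access Control Position, or None.
MAPPING = {
    "P100": "ACP-NURSE", "P200": "ACP-BANK", "P300": "ACP-CLERK",
    "P400": "ACP-NURSE", "P500": "ACP-CLERK", "P600": None,
}


def linking_batches(assignments, mapping):
    """Group mapped positions that share employees, directly or through a chain.

    Positions in one batch should be linked immediately following each other,
    because linking any one of them changes the rights of employees who also
    hold another position in the same batch.
    """
    parent = {}

    def find(pos):
        parent.setdefault(pos, pos)
        while parent[pos] != pos:
            parent[pos] = parent[parent[pos]]   # path halving
            pos = parent[pos]
        return pos

    for pos, acp in mapping.items():
        if acp:
            find(pos)                            # register positions with no shared holder
    for positions in assignments.values():
        mapped = [p for p in positions if mapping.get(p)]
        for other in mapped[1:]:
            root_a, root_b = find(mapped[0]), find(other)
            if root_a != root_b:
                parent[root_b] = root_a
    groups = defaultdict(list)
    for pos in list(parent):
        groups[find(pos)].append(pos)
    return sorted(sorted(group) for group in groups.values())


def access_after_link(linked, assignments, mapping):
    """Rights held by ESR-controlled employees once `linked` positions are linked.

    Pre-existing rights are replaced by those of the linked positions only.
    """
    result = {}
    for emp, positions in assignments.items():
        acps = {mapping[p] for p in positions if p in linked and mapping.get(p)}
        if acps:
            result[emp] = acps
    return result


def pending_gaps(linked, assignments, mapping):
    """Employees under ESR control who hold a mapped position not yet linked."""
    gaps = {}
    for emp, positions in assignments.items():
        if not any(p in linked for p in positions):
            continue                              # ESR has not taken control yet
        missing = sorted(p for p in positions if mapping.get(p) and p not in linked)
        if missing:
            gaps[emp] = missing
    return gaps


if __name__ == "__main__":
    for batch in linking_batches(ASSIGNMENTS, MAPPING):
        print("link together:", batch)
    print("gaps after linking only P200:", pending_gaps({"P200"}, ASSIGNMENTS, MAPPING))
```

Running `pending_gaps` after each link gives the check on each group of users that the manual, position by position approach is intended to allow.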
7.7.3. Management of temporary staff

Consideration of how temporary staff are managed is required. All temporary staff with a requirement to access NHS CRS applications will need to do so via an NHS CRS Smartcard. There are a number of scenarios:

• Where temporary staff are managed by an agency, these staff will be employees of the agency and as such no set up in ESR is required. Within UIM these staff will need to be given time limited profiles associated to relevant UIM NHS CRS Access Control Positions for the times when they are working for a particular organisation. Organisations may need to consider defining bank specific NHS CRS Access Control Positions on UIM if the bank staff carry out duties that are different from other staff within that position or the bank staff member’s usual role. Otherwise they should be associated to one or more existing NHS CRS Access Control Positions relevant to the job they have been brought in to do.
• Where temporary staff are employees of an NHS organisation they will have employee records on ESR. Typically these staff may also have a substantive ESR position as their primary assignment and another secondary assignment to a bank position. For these staff it is therefore suggested that a number of extra positions are established in ESR specifically for bank staff on a per department basis (e.g. medical, surgical, A&E etc). These extra positions on ESR can then be mapped and linked to equivalent NHS CRS Access Control Positions in UIM.
• Where organisations have temporary staff with ESR employee records that work on an infrequent basis they can be set up as above but access can be removed during the inactive periods by changing their assignment status in ESR to ‘Inactive – not working’ which will temporarily revoke access until the assignment status is changed back to ‘Active’.
• If access is required outside of assigned positions (i.e. to cover a short term staff issue) then organisations will need to use Short Term Access Smartcards (in line with local RA procedures) and assign the required access rights via UIM.
• Other non-employed temporary staff such as students, volunteers and locums may be added to ESR with a relevant person type. This ensures that they will not get paid by the system whilst allowing them to be assigned to an ESR position which will, in turn, be linked to an Access Control Position on UIM to allow them relevant access to NHS CRS.
7.7.4. Workstructures assessment

Prior to, or during, the mapping of ESR positions to NHS CRS Access Control Positions there is an opportunity to review the set up of workstructures within ESR. The structure may not have been assessed for some time and it is possible that certain changes are required to bring it up to date. Organisations should ensure that:

• Workstructures correctly reflect the organisational hierarchy;
• There is consistency of information held in the position title and grade description fields. Both of these are free text and it is possible that there are inconsistencies which will make analysis for mapping purposes difficult;
• All employees are assigned to the correct position for the job that they perform. Many organisations, especially PCTs, either have remodelled or plan to remodel their workstructures due to mergers/demergers and the change to commissioning and provider services. The two exercises could be conducted at the same time to save revisiting the same information at a later stage.
• Redundant positions are removed.
In some situations, mappings may indicate that more than one Access Control Position applies to a single ESR position (for instance where ‘bucket’ positions have been used). It is only possible to link one Access Control Position to each ESR position. The options available are to either merge the NHS CRS Access Control Positions into a single position if appropriate or, if not, to split the position in ESR by creating a new position and reassigning the employee(s) to the new position.
7.7.5. Pay cut off periods

One of the key benefits of the design of the ESR interface to UIM is that transactions take place in real time. Access is granted immediately for new starters and revoked immediately for leavers. This is one of the key objectives of the Integrated Identity Management initiative due to the requirement to ensure that:

• starters can be productive immediately, and;
• those leaving the organisation are not in a position to be able to access data inappropriately after they have left.

A number of ESR payroll service providers and internal payroll functions impose an input cut off period before a payroll is processed. After this point, no further transactions which have an impact on pay (including starters and leavers), can typically take place until after the payroll has been run. This is done in order to check that input is correct before running the payroll. It is known that many providers impose a period of several days and in some cases up to two weeks before a payroll is run. This situation is in clear conflict with the aims of Integrated Identity Management and ESR best practice.

ESR imposes no restrictions on when a payroll can be run. All transactional input is fed into the payroll up to the point that the processing takes place. Best practice using the ‘End to End Processes’ for ESR indicates that there is no requirement to impose a pay cut off period. Often payroll departments do this as a continuation of legacy practice and, whilst this may be understandable if the quality of input from outside of payroll is variable, it does not address the root cause of the problem.

A number of options are available to assess and resolve issues with inaccurate input at source. These may include:

• Revision of process and procedure, referring to the ESR Payroll Best Practice document (M3025);
• Checks being established to ensure that initial input is accurate as opposed to a full recheck prior to the pay run (use of the employee checklist event log in ESR has been used to good effect by some payroll providers allowing a daily check of pay affecting changes being input to ESR);
• Retraining of inputters; or
• Payroll staff to work more closely with departments where input is undertaken.

There is an initiative between the NHS ESR Central Team and McKesson to ensure that payroll functions are adopting best practice for processing payrolls using ESR. This initiative has involved meeting with payroll providers to review and evaluate the statistics as well as undertaking workshops and presentations to payroll special interest groups, key payroll service providers and providing support and guidance in order to reduce the pay cut off period.

As a result, all organisations should review their policy with regard to payroll processing to initially assess whether such a pay cut off period is in operation and if so of what duration this is. The aim should be to reduce any such period to one or two days at most. This may be done by using the suggestions above in conjunction with a renegotiation of the terms of the contract / service level agreement with your payroll provider where this is external to your organisation.
7.7.6. Employee Matching and Linking
Organisations deploying the ESR interface to UIM will have a number of employees in ESR who have, or will need to have, access to NHS CRS applications. These employees will already have, or need to have, a record on the Spine User Directory (SUD). For the ESR interface to function, the employee records in ESR will need to be matched and then linked to their equivalent records in the SUD. The actual link between the two systems at employee level is achieved by adding the Unique User Identifier (UUID) from the SUD record into the ESR employee record. Organisations requesting activation of the interface will be offered a free data load service by the NHS ESR Data Team. This will facilitate the loading of the UUID and e-GIF flag into ESR, for all matching records between ESR and NHS CRS. The data load will ensure that all ESR person records are linked to the appropriate record on NHS CRS prior to the activation of the interface. The data load will utilise a similar procedure as that used for loading the UUIDs of ESR users during the ESR Smartcard enablement programme. A data extract will be taken from both ESR and NHS CRS and run through a data matching tool. This will produce a report of records that can be successfully matched between ESR and NHS CRS. A successful match will require the NI Number, Surname and Forename to be the same in both ESR and NHS CRS. The NHS CRS UUID and e-GIF flag for matching records will then be loaded into ESR on the agreed load date. Records that cannot be successfully matched between ESR and NHS CRS will not be loaded into ESR. Prior to the data load taking place organisations will be provided with data matching reports detailing any data cleansing that may be required on either NHS CRS or ESR. The records must be cleansed in advance of the data load in order for the UUIDs to be loaded into ESR. Further details regarding data matching are available within the M-3980 NHS CRS to ESR data matching user guidance. 
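The matching rule above (NI Number, Surname and Forename the same in both systems) can be rehearsed locally before the data load to see which records will need cleansing. The following Python sketch is an added example and is not the NHS ESR Data Team's matching tool: the field names, the sample extracts and the case and whitespace normalisation are assumptions, and all NI numbers and UUIDs are constructed. Records that agree only in part are reported for cleansing and never loaded, since linking an employee to the wrong SUD record would confer that record's identity on them.

```python
from collections import Counter, defaultdict

NAME_FIELDS = ("surname", "forename")

# Constructed sample extracts (hypothetical field names and values).
ESR_EXTRACT = [
    {"employee_number": "10001", "ni_number": "QQ000001A", "surname": "Ahmed", "forename": "Sara"},
    {"employee_number": "10002", "ni_number": "QQ000002A", "surname": "O'Neill", "forename": "Liam"},
    {"employee_number": "10003", "ni_number": "QQ000003A", "surname": "Jones", "forename": "Megan"},
    {"employee_number": "10004", "ni_number": "qq000004a ", "surname": "Patel", "forename": "Ravi"},
    {"employee_number": "10005", "ni_number": "QQ000005A", "surname": "Smith", "forename": "Ann"},
]
CRS_EXTRACT = [
    {"uuid": "UUID-0001", "egif": "Y", "ni_number": "QQ000001A", "surname": "Ahmed", "forename": "Sara"},
    {"uuid": "UUID-0002", "egif": "Y", "ni_number": "QQ000002A", "surname": "ONeill", "forename": "Liam"},
    {"uuid": "UUID-0004", "egif": "Y", "ni_number": "QQ000004A", "surname": "PATEL", "forename": "Ravi"},
    {"uuid": "UUID-0005", "egif": "Y", "ni_number": "QQ000005A", "surname": "Smith", "forename": "Ann"},
    {"uuid": "UUID-0006", "egif": "Y", "ni_number": "QQ000005A", "surname": "Smith", "forename": "Ann"},
]


def norm(value):
    """Assumed normalisation: collapse whitespace and ignore case."""
    return " ".join(str(value or "").split()).upper()


def match_extracts(esr_records, crs_records):
    """Return (to_load, cleanse).

    to_load: ESR employees with exactly one NHS CRS record agreeing on all
             three fields, with the UUID and e-GIF flag to load.
    cleanse: (employee_number, reason) pairs for everything else.
    """
    crs_by_ni = defaultdict(list)
    for rec in crs_records:
        crs_by_ni[norm(rec["ni_number"])].append(rec)
    esr_ni_counts = Counter(norm(rec["ni_number"]) for rec in esr_records)

    to_load, cleanse = [], []
    for emp in esr_records:
        emp_no, ni = emp["employee_number"], norm(emp["ni_number"])
        candidates = crs_by_ni.get(ni, [])
        if not ni:
            cleanse.append((emp_no, "NI number missing in ESR"))
        elif esr_ni_counts[ni] > 1:
            cleanse.append((emp_no, "NI number held by more than one ESR record"))
        elif not candidates:
            cleanse.append((emp_no, "no NHS CRS record with this NI number"))
        elif len(candidates) > 1:
            cleanse.append((emp_no, "NI number held by more than one NHS CRS record"))
        else:
            crs = candidates[0]
            differing = [f for f in NAME_FIELDS if norm(emp[f]) != norm(crs[f])]
            if differing:
                cleanse.append((emp_no, "differs in NHS CRS: " + ", ".join(differing)))
            else:
                to_load.append({"employee_number": emp_no,
                                "uuid": crs["uuid"], "egif": crs["egif"]})
    return to_load, cleanse


if __name__ == "__main__":
    loadable, report = match_extracts(ESR_EXTRACT, CRS_EXTRACT)
    for row in loadable:
        print("load", row)
    for emp_no, reason in report:
        print("cleanse", emp_no, "-", reason)
```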
Prior to the ESR interface to UIM being activated it is possible for organisations to manually enter UUIDs into ESR (refer to the ESR online user manual for further details). However, it must be noted that, following the activation of the interface, manual entry of UUIDs into ESR will not be possible. The interface lookup functionality will be the only method of assigning a UUID to an employee in ESR.

How new starter employee records are linked to the SUD once the interface is activated

When the interface is fully implemented, identity checks will be managed in ESR and will set a flag to indicate that they are at e-GIF level 3 (flag set to ‘E’). Following this, a user in ESR can perform a lookup on the SUD which returns a list of the closest matches. If the equivalent record is found it can then be selected, which will pull the UUID into ESR thereby making the link (association). Where no record is found a request is sent, via the appropriate worklist, to a user in UIM who ‘grants’ access to NHS CRS thereby adding a new user record on the SUD. Once the new NHS CRS user has been added the association can then be performed (at which point the e-GIF flag is set to ‘Y’ in ESR).

The ESR interface will ‘control’ person details in UIM for all employees on ESR who:

• Are identity checked to e-GIF level 3 (e-GIF flag set to ‘Y’ in ESR) and
• Have a UUID entered against their record (via lookup or data load).

Following this, a user in UIM cannot make any changes to the person details in UIM; any name changes in ESR overwrite those in UIM (following a grant step by an RA Agent in UIM).

Additionally, the ESR interface will ‘control’ access rights for all employees on ESR who are assigned to an ESR position which is linked to an NHS CRS Access Control Position. Following this, the employee’s access rights to NHS CRS are controlled by the access rights defined by the Access Control Position which is linked to the employee’s assigned ESR position.
ESR control is only released when an employee leaves (and is terminated on ESR) or no longer has an active ESR position that is linked to an NHS CRS Access Control Position.
Note regarding ‘Single Sign-on’

‘Single Sign-on’ is a term used where NHS CRS and the Smartcard are used to manage access to other systems such as building control systems, car park access systems and general IT systems access. If large numbers of users who are also employees with a record on ESR have been added to NHS CRS for the purposes of Single Sign-on they should still be linked to ESR via the above methods. This will allow a single point of data entry and control from ESR. One or more generic NHS CRS Access Control Positions will need to be created in UIM (carrying no access control rights). These will need to be mapped to the relevant ESR position and then linked following interface activation.
7.7.7. Maintaining the position mappings and links

Whenever new ESR positions are defined, it is important to determine whether the jobs defined by those positions require NHS CRS access and consequently a map/link to an equivalent Access Control Position. Conversely, when new NHS CRS Access Control Positions are defined these will need to be mapped and linked to ESR positions as appropriate. Processes will need to be in place to ensure these considerations are taken into account when new ESR positions/NHS CRS Access Control Positions are defined. The mappings of ESR positions to NHS CRS Access Control Positions will also need to be approved as deemed appropriate by each organisation.
7.7.8. Considerations for ESR Access following interface activation

In order to access ESR via Smartcard it is necessary for a user to be identity checked to e-GIF level 3 and have a record created on NHS CRS as per the RA Registration Process. During the creation of the record on NHS CRS a UUID is generated by the system and allocated to the user. ESR access via Smartcard is provided by linking the UUID between ESR and NHS CRS; the ESR access rights are determined via the User Responsibility Profiles (URPs) within the ESR system.

Prior to interface activation it is possible for the UUID to be manually entered into ESR, or populated via the UUID data load service provided by the NHS ESR Data Team. Post interface activation, the interface lookup facility will be the only method of assigning UUIDs in ESR.

For users to access ESR via Smartcard the Identity Agent (IA) authentication process requires a Role or Activity to be assigned within NHS CRS (i.e. via an Access Control Position in UIM or Activity code in Calendra); there is not however a Role or Activity specifically required for ESR access. It is therefore recommended that the Activity or Role of R8008 is used (as this has no other baseline activities associated with it), unless the user has an existing Role/Activity for access to NHS CRS Applications.
ESR Access Post Interface Activation

Following the activation of the interface a staff member may have access to NHS CRS applications as a result of an ESR position being linked to an NHS CRS Access Control Position. The link between the positions will result in a message being sent to UIM defining the necessary access rights to NHS CRS applications (as per the agreed position mappings). If the staff member subsequently moves out of the ESR position that is linked to the NHS CRS Access Control Position (or the assignment is made inactive) this will result in a message being sent via the interface removing access to all NHS CRS applications for the user at that organisation (assuming the staff member has no other ESR positions linked to NHS CRS Access Control Positions at that organisation). Consequently, the user will no longer have a Role or Activity on NHS CRS meaning that they will also be unable to access ESR. In this scenario there are two options that may be considered to ensure continued access to ESR:

a) Define an NHS CRS Access Control Position for ESR Access – Defining an NHS CRS Access Control Position for ESR access, and linking this to the appropriate ESR positions, will provide continued access to ESR in the event of access to NHS CRS applications being revoked (assuming the staff member has been assigned an ESR position linked to the NHS CRS Access Control Position relating to ESR access). Following the linking of positions no further manual intervention would be required to assign/remove the R8008 Activity (i.e. as this would be managed via the interface).

b) Manually assign the R8008 Activity via an Access Control Position in UIM – Alternatively, the R8008 Activity can be manually assigned in UIM (via an NHS CRS Access Control Position). This can only take place after access to all NHS CRS applications has been revoked via the interface, which results in control of the record on NHS CRS being returned to UIM from ESR (i.e. allowing amendments to access rights in UIM). If the staff member subsequently leaves the organisation, or no longer requires access to ESR, the NHS CRS Access Control Position will need to be manually removed from the user profile in UIM. This is not therefore the preferred approach.
7.7.9. Management of Identity Checks in ESR

Following the introduction of the NHS Employment Check Standards in March 2008¹, ESR has been enhanced to allow organisations to both record identity checks and to fulfil the requirements of the interface between ESR and UIM.

Organisations may currently undertake identity checks at various stages throughout the recruitment/hire/registration process in order to satisfy the NHS Employers Check Standards and Registration Authority requirements. It is therefore possible that a new starter at an NHS organisation may, at present, have their identity checked (which usually requires them to be physically present with appropriate documentation) several times.

The employment check standards have been designed in conjunction with those used by Registration Authorities (RA) to check user identity to the required standard (e-GIF level 3²) for access to NHS CRS. The ESR interface to UIM has been designed to assist with streamlining processes, especially those for identity check management between ESR and NHS CRS. It is recommended that organisations review existing practices in order to improve the experience for the new starter and to ensure that there is maximum efficiency of the process in terms of both time and cost.
How does ESR help to manage identity checks?

Identity checks can be recorded at both the recruitment stage and at applicant hire in ESR. All checks previously completed during recruitment are visible to the user at applicant hire stage (if they have used ESR to record these). The checks performed at both stages may be the same; however those at the applicant hire stage must be performed by an RA Agent and will allow the verification of identity to e-GIF level 3. This will set an internal flag in ESR to indicate that the employee has had their identity checked to this standard. It is then possible, following activation of the ESR interface to UIM, to search NHS CRS for a matching user record for the new employee and to perform various steps to link the records. The e-GIF flag in ESR is only set at the applicant hire stage. Identity checks for employees who do not need NHS CRS access should still be carried out to NHS Employers check standards either at recruitment or applicant hire stage.

The following general rules provide the framework within which organisations need to manage identity checks for the purpose of access to NHS CRS:

• In order for an individual to access NHS CRS someone with the status of an RA agent must check identity to e-GIF level 3.
• e-GIF3 documents include a passport, driving licence and any number of proof in the community (address) documents.
• An RA agent must record verification of identity checks at the point of applicant hire. At present this is only done directly in NHS CRS. Following the activation of the ESR interface to UIM the verification of identity checks can be conducted in ESR (for the employed user base) without the need for further checks to be recorded in NHS CRS.
• A photograph must be taken of the individual to be printed on their NHS CRS Smartcard. This must be stored in NHS CRS.

¹ See www.nhsemployers.org/employmentchecks for more information.
² The Electronic Government Interoperability Framework: security standards for access to government systems, adopted by NHS Connecting for Health (NHS CFH) to define identity check standards for access to NHS CRS applications.
How will the introduction of integrated HR/RA processes and the interface impact identity check management?

The integration of HR/RA processes, and the introduction of the interface between ESR and UIM, can streamline the ID checking process at employee hire stage so that ID is checked once (i.e. in ESR only and not again by RA). This is achieved by setting the e-GIF status in ESR on applicant hire and transmitting all relevant information to NHS CRS (thereby saving the need to re-check and record identity in NHS CRS). The ID checking performed in ESR at hire must be undertaken by an RA Agent. For all users of NHS CRS who are not employees, identity checks can still be recorded independently in NHS CRS / UIM. Where the integration of HR/RA identity checks has not been completed, or is being managed in a devolved manner or by recruitment teams (independently of central HR) then there may be additional factors for consideration. A number of scenarios are therefore considered below:

a) What if my current process is to record all identity checks at recruitment stage?

If organisations capture and record identity checks as part of the recruitment process currently it is possible to continue this practice. The verification of identity is, however, essential at applicant hire stage and this can only be performed by HR users (who are themselves RA Agents) or RA agents using one of the new URPs introduced as part of the implementation of the ESR interface to NHS CRS (HR data entry with RA, HR administration with RA and RA workbench). It is recommended that organisations streamline the process as much as possible to avoid duplication and to ensure that the experience from the perspective of the new starter is as smooth as possible.

b) What about devolved HR?

In some organisations HR is managed from more than one location either as satellite HR functions or where an HR role is incorporated into individual departments. In these scenarios there is no, or limited, central HR, and the recruitment / hire and identity check processes are managed locally. In such cases some organisations chose, as part of their ESR implementation, to use ‘Devolved HR URPs’. This means that the HR data entry and HR administration URPs have been amended to allow users in each directorate / division to see and manage only the group of employees for whom they are responsible. The new RA URPs can also be devolved in this way. This will allow identity checks to be managed in ESR at applicant hire stage by local HR administrators (who would also need to become RA agents). This would effectively mean that RA would also need to be devolved to each location where there is devolved HR.

c) What about Self Service?

Where Manager Self Service is in use managers can perform applicant hires but cannot perform the identity checks as this functionality is not available in Self Service (in order to perform the identity checks all managers would need to be RA Agents). Following activation of the interface: when a manager using Self Service hires an applicant into an ESR position which carries NHS CRS access rights (by virtue of a linked UIM access control position) then the applicant will appear on the RA workbench. Users of the workbench (whether centralised or otherwise) will then need to carry out the verification of identification in ESR to set the e-GIF flag prior to being able to perform the look up on NHS CRS.
8. Step 4 – Implementation

A number of activities must be completed in UIM and ESR prior to the activation of the ESR interface to UIM. The activities that must be completed as part of the implementation are summarised below:

8.1. UIM set-up tasks (Step 4a)

The set-up of UIM must be completed prior to the ESR set-up activities being undertaken. The key activities that must be completed in UIM are summarised below:

• Reassess the roles and responsibilities of RA Managers, RA Agents and Sponsors;
• Set-up RA Staff in Calendra;
• Set-up workstations being used for UIM activity;
• Create a minimum of one worklist in UIM;
• Approve and grant a minimum of one Access Control Position in UIM;
• Approve National Terms and Conditions.

Instructions regarding the set-up of UIM, including a 2 page quick reference guide, are available within the User Identity Manager Implementation Guide which can be downloaded from http://nww.connectingforhealth.nhs.uk/iim/implement

Timeframe for completion: The UIM set-up activities must be completed no later than 2 weeks prior to the interface activation date that has been agreed with the NHS ESR Central Team.

8.2. ESR set-up tasks required prior to interface activation (Step 4b)

Upon completion of the UIM set-up activities, the following must be completed in ESR prior to the activation of the interface:

• Define a supplementary role for RA Sponsor(s) and allocate these to the ESR organisation hierarchy;
• Allocate and assign one or more users with the NHS CRS RA Agents notification role;
• Download the Worklist(s) from UIM and allocate to the ESR organisation hierarchy;
• Ensure the correct NACS code has been allocated to the ESR organisation hierarchy;
• Allocate the appropriate RA URPs to one or more ESR users.

Instructions for the completion of the above activities are available within the ESR set up pre interface activation quick reference guide.

Timeframe for completion: The ESR set-up activities outlined above must be completed no later than 2 weeks prior to the interface activation date that has been agreed with the NHS ESR Central Team.
8.3. Activate the ESR interface to UIM (Step 4c)

The ESR interface to UIM will be activated on the date agreed with the NHS ESR Central Team, provided that the UIM and ESR set-up activities have been completed within the agreed timeframes. If the UIM and ESR set-up activities, outlined in steps 4a and 4b, have not been completed it will not be possible for the NHS ESR Central Team to activate the interface.

Following the activation of the interface, any updates to the ESR fields listed below (for employee records that have a UUID and are identity checked to e-GIF level 3) will result in messages being sent to UIM reflecting the changes to personal details.

• Title
• Surname
• First name
• Middle name
• NI Number
• Date of Birth
• Email address (Person Form)
• Work phone number (Phones Form)
• Work mobile number (Phones Form)

The interface will not however transmit any messages relating to changes in access rights until ESR positions have been linked to NHS CRS Access Control Positions.
8.4. ESR set up tasks required post interface activation and deployment (Step 4d)

Following the activation of the interface it is necessary for the NHS CRS Access Control Positions that have been created in UIM to be downloaded and linked to the appropriate ESR position(s). The linking of ESR positions to NHS CRS Access Control Positions must be completed in accordance with the mappings that have been formally agreed by each organisation. Performing the link automatically grants or changes access rights on NHS CRS, based on the definition of the Access Control Position in UIM. This will be applicable to all the employees assigned to that position who have their UUID populated in ESR and are identity checked to e-GIF level 3 (i.e. e-GIF flag set to ‘Y’ in ESR).

The ESR set up post interface activation quick reference guide provides instructions regarding the download of NHS CRS Access Control Positions from UIM into ESR and the linking of these NHS CRS Access Control Positions to ESR positions (as per agreed mappings). The document also provides an overview of key aspects of the interface functionality and links to the elearning training material.

Timeframe for completion: The ESR set-up activities should be completed as soon as possible following the activation of the interface.

ESR Positions should be linked to NHS CRS Access Control Positions in line with the agreed deployment strategy at each organisation. As further NHS CRS Positions are defined in UIM these can be downloaded to ESR and linked to ESR positions as per the agreed mappings.
9. Step 5 – Post implementation review and assessment

Following the completion of their deployment of the ESR interface, Organisations should aim to assess the results and effectiveness of the changes to process, procedure and the use of the technical solutions. Some suggestions are given here:

• Conduct a lessons learned exercise to document the positives and negatives of the project;
• Complete the benefits matrix post implementation to assess the benefits realised;
• Where the initial deployment strategy was for a limited part of an organisation, ensure that the initiative is maintained to complete the rollout for the remainder;
• Work with other organisations in the same region to share learning;
• The Central Team will continue to provide support post implementation but it should be noted that there are contracted end dates for the NHS ESR RPP Project Managers (March 2011) and the NHS ESR Data Team (March 2011). As such they will not be available beyond these dates. Organisations should take these dates into consideration and, where possible, aim to complete all key activities before these times.
Appendix 1 – Key terminology

The following terms are relevant to this document and have been extracted from the full Glossary of terms available via http://www.esrsolution.co.uk/iim/

• Access Control Position. An NHS CRS Access Control Position is defined in UIM and contains a set of access rights which have been approved and granted through the RA process. NHS CRS users can be associated to NHS CRS Access Control Positions directly in UIM or via the ESR interface.
• Assignment. The assignment in ESR provides the link between employee and position. Each employee will have at least one assignment but may have more if they do more than one job. The assignment holds contractual data such as the grade, hours worked etc.
• e-GIF. Policies and standards to enable information to flow seamlessly across the public sector and provide citizens and businesses with better access to public services. All users of NHS CRS must be identity checked to e-GIF level 3.
• ESR – Electronic Staff Record. The Electronic Staff Record (ESR) is the integrated Oracle Human Resource Management System (HRMS) (including Payroll) in use by the vast majority of organisations within the NHS; hosted and maintained by McKesson plc.
• ESR Position. A position identifies the post/job that exists within each organisational unit as defined in the workstructures in ESR. Positions can be defined with certain default information such as grade and staff group which are inherited as defaults when an employee is attached to a position via their assignment. It will be possible to link positions in ESR to equivalent positions in UIM to be used for access control.
• Integrated Identity Management. The development of closer integration between the currently separate processes involved in capturing and managing staff identity, and controlling access to the NHS Care Records Service (NHS CRS).
• NHS CRS – NHS Care Records Service. The NHS Care Records Service will help NHS organisations in England to store patient health care records on computers that will link information together quickly and easily. An NHS CRS Smartcard will give a user access to the NHS CRS and other National Programme for IT applications such as Choose and Book and the Electronic Prescription Service.
• PBAC – Position Based Access Control. The PBAC methodology groups access control requirements by job allowing for any number of employees to share generic access rights based on what they do rather than who they are.
• RA Agent. Works under the direction of the RA Manager to administer the RA function. They are responsible for performing registration and maintenance of Sponsors and health care professionals/workers in the organisation(s) that the RA Agent holds this profile for. They also ensure that National and local RA processes are followed.
• RA Sponsor. Sponsors approve access and the issue of NHS CRS Smartcards and are usually the line manager of users. In UIM Sponsors will manage approvals via worklists.
• SUD – Spine User Directory. The Spine User Directory is the repository which stores users’ profiles and registration information, both current and historic, including roles and organisations that an individual works for.
• UIM – User Identity Manager. The new software which will provide the electronic management of access control which is replacing the current paper based registration process.
• UUID – Unique User Identifier. The User’s Unique ID Number is used by all NPfIT applications to uniquely identify the user to the application. The UUID is the number displayed on the NHS CRS Smartcard. Occasionally called the UID (Unique ID Number). ESR will also hold the NHS CRS UUID against employee records so that it can validate that the employee has an active authenticated entry on NHS CRS.
• Worklist. Worklists group actions in UIM; users log in to their worklists to manage actions and approvals. ESR will automatically access and update worklists for many types of change initiated in ESR such as request for a new user, change access requirements based on positions and changes to personal details.
• Workstructures. Workstructures is the area of ESR that allows the definition and management of the organisation structure and hierarchy within an NHS Organisation. Workstructures are hierarchical and consist of organisational units, departments, locations and positions. A specific URP manages workstructures.
Appendix 2 – ESR interface to UIM functionality table

Function: HR Data Entry with RA URP
Purpose: New URP (user responsibility profile) which is the same as the existing HR data entry URP but additionally provides access to the RA workbench, employee lookups from the person form and the ability to search and view UIM from the Assignment form.

Function: HR Administration with RA URP
Purpose: New URP which is the same as the existing HR Administration URP but also provides access to the RA workbench, employee lookups from the person form and the ability to search and view UIM from the Assignment form.

Function: RA Workbench URP
Purpose: New URP which only provides access to the RA workbench and the identity checks form.

Function: RA Workbench
Area / URP: HR data entry with RA; HR Administration with RA; RA only
Purpose: This is a new screen available to all 3 new URPs (above). The workbench is intended to be used by RA Agents to manage the lookup and validation of all new starters / changes on ESR where there is a need for them to have access rights on NHS CRS. The workbench:
• Shows all employees on ESR linked to an ESR position with an associated Access Control Position but who have not completed their identity checks or who have not been linked to an NHS CRS record.
• Allows SUD lookups for each employee and returns the 10 closest matching records.
• Enables the association between ESR records and UIM records, where a match is found, or allows a request to the UIM user to create a new record or open a closed record.
• Notification of a change made in UIM (e.g. creation of a new record) appears on the workbench for action by the RA Agent in ESR.

Function: RA Sponsor Supplementary Role
Purpose: ESR needs to know which employees are RA Sponsors in order to send messages across the interface to the correct Worklist in UIM. A new Supplementary Role of ‘NHS CRS Sponsor’ has been defined which will need to be allocated to all such employees. As part of the UIM implementation the NHS CRS sponsor roles must have been agreed and set up in UIM. The equivalent Sponsors will then need to be set up in ESR.

Function: RA Sponsor association to organisational hierarchy
Purpose: Once employees have the new supplementary role of RA Sponsor allocated – and have had their ID validated to e-GIF level 3 standard – they will appear in a list selectable against organisational units in workstructures. Selection of a Sponsor against an organisation unit indicates that they are the Sponsor for all organisational units and positions below the one selected. Any employees assigned to such positions will inherit the sponsor. When interface activities take place relating to an employee the system will search up the organisational tree until it finds a sponsor. The name of the sponsor will be used to send an update to the relevant worklist in UIM. For most transactions Sponsors will be deemed to have pre-approved the change in which case UIM is updated automatically. For others the sponsor in UIM will be required to approve the update first.

Function: RA Agent role
Area / URP: Local Systems and User Administration>Maintain Roles
Purpose: A new role of ‘NHS CRS RA Agent’ has been defined to which all RA Agents who are required to receive notifications on business errors should be allocated.

Area / URP: Workstructures
Purpose: The NACS code is used to differentiate organisations within NHS CRS. This may or may not have a one to one relationship to an ESR VPD. It is therefore necessary to link a NACS code to the correct level in the organisational hierarchy in workstructures (by means of the addition of the code selected from a list of values to an organisational unit within the top 3 levels of the hierarchy). Note this should already have been completed as part of the move of ESR to Smartcard access.

Function: Identity checks and the e-GIF flag
Area / URP: Existing HR Administration and HR Data Entry URPs; HR data entry with RA; HR Administration with RA; RA Workbench URP
Purpose: A new Verification of Identity check form in ESR (accessible from the person form and following applicant hire) will now automatically set an e-GIF flag to ‘E’ provided that all the checks are completed correctly. The e-GIF flag value of ‘E’ indicates that the employee is identity checked to e-GIF level 3. This then allows access in ESR to search for records in UIM. Records in UIM can then be associated with ESR records and the flag will be set to ‘Y’.

Purpose: Worklists (action queues in UIM) need to be registered in ESR in order for the interface to send updates to the correct Worklist in UIM. The worklists need to be set up first in UIM; then a request to create / update the Worklist list of values in ESR is made from the workstructures administration URP. Once the refresh completes it will be possible to select a relevant Worklist against an organisational unit in workstructures from a list of values. Before performing any such link a mapping between worklists and the organisational hierarchy in workstructures needs to be made.

Purpose: The key to driving access control from ESR via the interface to UIM is the linking of positions in ESR to NHS CRS Access Control Positions in UIM. Once the positions are built in UIM a request to create / update a UIM list of positions within ESR can be run. When this completes a new list of values will be accessible in the position editor in ESR against a new field which will store the UIM position identifier. Only one Access Control Position can be linked to each ESR position. Performing the link will automatically grant or change access rights on NHS CRS (based on the definition of the Access Control Position in UIM) for all employees assigned to that position.

Function: Employee lookups from ESR to NHS CRS
Area / URP: HR data entry with RA; HR Administration with RA; RA Workbench URP
Purpose: Lookups are provided via the RA workbench and the ESR Assignment form. A lookup is only possible when all identity checks have taken place and ESR has set the e-GIF flag to ‘E’. The lookup accesses the NHS CRS Spine User Directory (SUD) and returns the 10 closest matches to the employee in ESR. It is possible to select a matching record which then returns the UUID from the Spine and stores it in ESR. The records are then deemed to be associated (the e-GIF flag is automatically set to ‘Y’) and ESR will control any further updates for that person in UIM. Where a match is not found it is possible to send a request via the interface to the UIM user to create a new record. Where a match to a closed record is found it is possible to send a request to the UIM user to reopen the record. Once the records are associated a further lookup of the employee photo is enabled from the ESR Person form.

Area / URP: HR, Self Service, RA URPs, Payroll, Workstructures
Purpose: The following are the main types of changes that trigger automatic interface activity where employee records in ESR are linked to SUD records:
• Employee personal details change (name etc).
• Change of assignment status (e.g. to one of the types of long term absence which will revoke access rights to NHS CRS).
• Move of a person’s assignment from one position to another position where one or other of the positions has an associated NHS CRS Access Control Position (this may result in an automatic change of access rights in NHS CRS).
• Addition of a secondary assignment to a position which has an associated Access Control Position (may confer additional access rights in NHS CRS).
• Terminations (automatic revocation of access).
• Linking (or change of link) of an ESR position to an Access Control Position in UIM. This will automatically grant or change access rights on NHS CRS (based on the definition of the Access Control Position in UIM) for all employees assigned to that position.
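The e-GIF flag rules and the sponsor search described in the table above can be expressed as a small model. This is an added example, not ESR or UIM code: the class and function names, the check names and the UUID value are constructed, and an unset flag is assumed to be represented as None.

```python
from dataclasses import dataclass, field
from typing import Optional

SPONSOR_ROLE = "NHS CRS Sponsor"  # supplementary role named on the page


@dataclass
class OrgUnit:
    """Organisational unit in ESR workstructures (hypothetical model)."""
    name: str
    parent: Optional["OrgUnit"] = None
    sponsor: Optional[str] = None  # sponsor selected against this unit, if any


@dataclass
class Employee:
    name: str
    unit: OrgUnit
    roles: set = field(default_factory=set)
    egif_flag: Optional[str] = None  # None = not verified (assumed), 'E', 'Y'
    uuid: Optional[str] = None


def record_verification(emp, checks, by_ra_agent):
    """Set the flag to 'E' only when an RA Agent completed every check."""
    # An existing 'E' or 'Y' is left alone so association is never undone.
    if emp.egif_flag is None and by_ra_agent and checks and all(checks.values()):
        emp.egif_flag = "E"
    return emp.egif_flag


def associate(emp, spine_uuid):
    """Link the ESR record to the selected Spine record: store UUID, flag 'Y'."""
    if emp.egif_flag != "E":
        raise PermissionError(f"{emp.name}: lookup requires e-GIF flag 'E'")
    if not spine_uuid:
        raise ValueError("no UUID returned for the selected record")
    emp.uuid, emp.egif_flag = spine_uuid, "Y"
    return emp


def select_sponsor(unit, emp):
    """Select a sponsor against a unit; only verified role holders qualify."""
    if SPONSOR_ROLE not in emp.roles or emp.egif_flag not in ("E", "Y"):
        raise PermissionError(f"{emp.name} is not selectable as a sponsor")
    unit.sponsor = emp.name


def resolve_sponsor(unit):
    """Search up the organisational tree until a sponsor is found."""
    seen = set()  # guards against a mis-built hierarchy that loops
    node = unit
    while node is not None and id(node) not in seen:
        if node.sponsor:
            return node.sponsor
        seen.add(id(node))
        node = node.parent
    return None  # no sponsor above this unit: the update cannot be routed


def demo():
    """Constructed hierarchy: sponsor set at division level, nurse on a ward."""
    trust = OrgUnit("Trust")
    division = OrgUnit("Medical Division", parent=trust)
    ward = OrgUnit("Seacole Ward", parent=division)
    checks = {"passport": True, "driving licence": True, "address": True}

    manager = Employee("A. Manager", division, roles={SPONSOR_ROLE})
    record_verification(manager, checks, by_ra_agent=True)
    select_sponsor(division, manager)

    nurse = Employee("B. Nurse", ward)
    record_verification(nurse, checks, by_ra_agent=True)
    associate(nurse, "UUID-CONSTRUCTED-1")
    return {
        "nurse_flag": nurse.egif_flag,
        "nurse_sponsor": resolve_sponsor(nurse.unit),
        "trust_sponsor": resolve_sponsor(trust),
    }


if __name__ == "__main__":
    print(demo())
```

A `None` result from `resolve_sponsor` marks an organisational unit with no sponsor anywhere above it, which is the set-up gap to look for before activation.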
Appendix 3 – Mapping ESR positions to NHS CRS Access Control Positions
The following diagram illustrates how jobs map to ESR positions and how ESR positions then map to NHS CRS Access Control Positions.
[Diagram: three tiers, top to bottom]

THE JOB PEOPLE DO: Staff Nurse Nightingale Ward (shown three times); Staff Nurse Seacole Ward (shown twice); Staff Nurse (Prescriber) Seacole Ward; Staff Nurse James Ward; Staff Nurse (Prescriber) James Ward.

THE ESR POSITION THEY HOLD FOR HR PURPOSES: Staff Nurse Nightingale Ward; Staff Nurse Seacole Ward; Staff Nurse (Prescriber) Seacole Ward; Staff Nurse (Prescriber) James Ward.

THE “ACCESS CONTROL” POSITION THEY HOLD FOR ACCESS TO THE NHS CRS: “Medical Ward Staff Nurse” (all of whom require the same access to the NHS CRS); “Medical Ward Staff Nurse (Prescriber)” (all of whom require the same access to the NHS CRS).
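The linking rule in section 8.4, the change types listed in Appendix 2 and the mapping in this appendix combine into one rule for who should hold which access. The following is an added example, not ESR or UIM code: the class and function names, the absence status label and the UUID value are constructed, and the pairing of ESR positions to Access Control Positions is inferred from the names in the diagram.

```python
from dataclasses import dataclass, replace
from typing import Optional

# ESR position -> NHS CRS Access Control Position. Names are from Appendix 3;
# the pairing is inferred from those names. One value per key mirrors the rule
# that only one Access Control Position can be linked to each ESR position.
POSITION_LINKS = {
    "Staff Nurse Nightingale Ward": "Medical Ward Staff Nurse",
    "Staff Nurse Seacole Ward": "Medical Ward Staff Nurse",
    "Staff Nurse (Prescriber) Seacole Ward": "Medical Ward Staff Nurse (Prescriber)",
    "Staff Nurse (Prescriber) James Ward": "Medical Ward Staff Nurse (Prescriber)",
}

# Constructed label: the page says only that some long term absence statuses
# revoke access rights.
REVOKING_STATUSES = frozenset({"Long Term Absence"})


@dataclass(frozen=True)
class Assignment:
    position: str
    status: str = "Active"


@dataclass(frozen=True)
class Employee:
    name: str
    uuid: Optional[str] = None       # NHS CRS UUID held in ESR once associated
    egif_flag: Optional[str] = None  # 'E' = identity checked, 'Y' = associated
    assignments: tuple = ()
    terminated: bool = False


def access_positions(emp, links=POSITION_LINKS):
    """Access Control Positions the employee should hold on NHS CRS."""
    # Rights flow only to employees with a UUID and the e-GIF flag set to 'Y'.
    if emp.terminated or not emp.uuid or emp.egif_flag != "Y":
        return frozenset()
    held = set()
    for assignment in emp.assignments:
        acp = links.get(assignment.position)  # None when the position is unlinked
        if acp and assignment.status not in REVOKING_STATUSES:
            held.add(acp)
    return frozenset(held)


def interface_changes(before, after, links_before=POSITION_LINKS, links_after=None):
    """Grants and revocations implied by a change in ESR."""
    links_after = links_before if links_after is None else links_after
    old = access_positions(before, links_before)
    new = access_positions(after, links_after)
    return {"grant": sorted(new - old), "revoke": sorted(old - new)}


def scenarios():
    """Run the change types from the page against one constructed employee."""
    seacole = Assignment("Staff Nurse Seacole Ward")
    prescriber = Assignment("Staff Nurse (Prescriber) Seacole Ward")
    nightingale = Assignment("Staff Nurse Nightingale Ward")
    absent = replace(seacole, status="Long Term Absence")
    nurse = Employee("C. Nurse", uuid="UUID-CONSTRUCTED-1", egif_flag="Y",
                     assignments=(seacole,))
    relinked = {**POSITION_LINKS,
                "Staff Nurse Seacole Ward": "Medical Ward Staff Nurse (Prescriber)"}
    return {
        "move, same access": interface_changes(
            nurse, replace(nurse, assignments=(nightingale,))),
        "move, new access": interface_changes(
            nurse, replace(nurse, assignments=(prescriber,))),
        "secondary assignment": interface_changes(
            nurse, replace(nurse, assignments=(seacole, prescriber))),
        "long term absence": interface_changes(
            nurse, replace(nurse, assignments=(absent,))),
        "termination": interface_changes(nurse, replace(nurse, terminated=True)),
        "position relinked": interface_changes(nurse, nurse, links_after=relinked),
    }


if __name__ == "__main__":
    for change, result in scenarios().items():
        print(f"{change}: {result}")
```

A move between two ESR positions that share an Access Control Position produces no grant or revocation, which is the practical effect of grouping access by job under PBAC.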
Appendix 4 – Integrated Identity Management project team roles and responsibilities

Implementing Integrated Identity Management will involve a number of key workstreams: including PBAC, Data Cleansing, UIM set-up and ESR set-up activities. To co-ordinate these different workstreams an organisation should establish a team that can deliver the project. The formality and membership of this project team will vary according to the strategy adopted and organisation size. A sample project organisation chart is given below:
The following roles may be required to support the implementation of Integrated Identity Management.
Executive sponsor

Naming an executive sponsor for the project is strongly recommended. All organisations will already have a senior manager with overall responsibility for access control at board level. Alternatively, an HR director or deputy director, or existing ESR executive sponsor would be a suitable choice for this role. Ideally, the executive sponsor will also be a trust board member. The executive sponsor should support the project and promote its aims and benefits throughout the organisation.

Responsibilities include:
• Support and communicate the goals and benefits of the project throughout the organisation.
• Act as a point of escalation to assist the project Manager or team members with issues which may arise.
• Provide resource or support resource requests to assist with the delivery of the project goals.
• Liaise with senior management as required.
• Liaise with members of the ESR and NHS Connecting for Health teams as necessary for either progress management or escalation of issues.

Project board

A project board may also be set up to oversee the delivery of Integrated Identity Management. Alternatively the executive sponsor may report progress to the trust board. Where a project board is created, members should be drawn from all key areas affected by the project including HR, RA, IT and line management representatives.

Responsibilities include:
• Act as point of escalation for the issues relating to project implementation activities.
• Endorse overall policy in relation to Integrated Identity Management.
• Make decisions based on input from the project Manager and other implementation leads.
• Attend regular board meetings for the duration of the project.
Project Manager

The role of the Project Manager or Lead provides day to day control of the project and is the main contact with the NHS ESR Central Team in relation to IIM. This role may fall to an existing ESR Project Manager, the RA Manager or other project management resource in the organisation. Their role is to ensure the successful co-ordination and completion of tasks in each of the workstreams across the organisation.

Responsibilities include:
• Establishment of the project in conjunction with key members of the implementation team.
• Overall responsibility, management and control of the project on behalf of the organisation(s) involved.
• Management of reporting mechanisms for the project.
• Responsible for signoff/approval or for gaining executive signoff / approval for key deliverables.
• Communication and change management.
• Project evaluation and benefits realisation.
• Point of escalation for all project-related issues from the implementation team.
• Resource management to ensure delivery within the projected timetable.
• Reviews with implementation team and management / board / Sponsors, as required.
• Creation and management of the Project Plan, actions/issues/risks logs and other project control documentation.

Role of the project support officer

The role of project support officer may be beneficial to maintain project control documentation, act as central point of contact, and progress updates on outstanding tasks with members of the project team. The requirement for this role should be assessed according to the scope and scale of the programme, budget, skills and resources available.

Responsibilities include:
• Maintenance of all project control documents, such as Actions/Issues/Risks Logs, Status Reports and Project Plans.
• Act as a central point of contact for the project for internal/external lines of communication.
• Progress of updates to actions, issues and risks logs following team meetings.
• Co-ordination of progress meetings.
Project leads

A number of different functions within the organisation need to come together to ensure the success of the project. These will be typically represented by RA, HR, ESR expert users, IT and line managers from representative departments. Together these leads will make up the core of the project team. Note that some of these roles may be performed by the same person.

Role of the RA lead

The RA project lead will manage and monitor progress of project activities within the RA. The RA Lead will be expected to work closely with the HR Lead with whom many of these responsibilities will be shared. It is possible that the RA lead is the same person as the HR lead especially where HR and RA functions are already integrated.

Role of the HR lead

The HR lead will manage and monitor progress of project activities within the HR and ESR user communities, and work closely with the RA lead (see note above – the two roles may be performed by the same person). This will include the mapping of NHS CRS Access Control Positions to ESR positions and the interface to ESR.

Role of ESR expert users

Existing ESR expert users will be required to assist with key areas of implementation, especially the ESR interface.
1. ESR workstructures administrators
It is expected that existing ESR workstructures administrators will have a significant role in supporting the project.

2. ESR systems administrators
ESR systems administrators, who currently manage user access to ESR, will be required to assist with the move of access from traditional user ID and password to NHS CRS Smartcard (where this is not already complete).

3. ESR Reporting Experts
The reporting solution for ESR is known as ‘Discoverer’. Within your organisation one or more experts will be trained in the use of this tool. Due to the introduction of enhanced functionality for the management of RA within ESR extra information will be available for reporting. As such the Discoverer experts will need to be on hand to assist with determining new reporting requirements and the set up of those reports.

Role of the IT lead

IT will be needed to assist with the rollout of NHS CRS Smartcard access to ESR users (where this is not already complete):
- Upgrades to installation on local PCs (UIM, IA12) for UIM users;
- Reconciliation of local infrastructure issues (e.g. network, firewall access etc.).

Role of stakeholder line managers

It is recommended that representatives from a number of departments be involved to bring an end user perspective on how the project is managed and the impact of the changes that Integrated Identity Management will bring.

Responsibilities include:
• Review proposals for change and assess impact
• Inform the implementation team of requirements from user base
• Communicate with end users
• Raise awareness of the profile of the project
• Assist with the transition from current working practices to new processes and new systems.

Responsibilities of the project team

Collectively the team is responsible for the following key tasks:
• Communication of delivery issues to the Project Manager
• Liaison with line management to manage transition of process and systems usage
• Specific responsibilities for:
- Defining roles and responsibilities between and within HR and RA functions including the use of ESR and UIM;
- Definition work for Position Based Access Control (PBAC);
- Mapping of NHS CRS Access Control Positions to ESR positions;
- Corrections to existing ESR workstructures based on learning from the PBAC and positions mapping exercises;
- Implementation tasks associated with UIM;
- Implementation tasks associated with the ESR interface;
- Reporting expertise to assist with determining reporting requirements and set up of the reports;
- Upgrades to installation on local PCs (UIM, IA12) for UIM users;
- Reconciliation of local infrastructure issues (e.g. network, firewall access etc.).
Published on Oct 28, 2010