6. Step 2 – Ensure all pre-requisites are complete The deployment of the ESR interface to UIM requires the following pre-requisites to have been completed: Pre-Requisite Strategic decision regarding choice of implementation model based on the ‘Developing a Strategy for Integrated Identity Management’ Smartcard enabled access to ESR for core users
Reason / Outcome It is assumed that organisations reading this guidance have decided to adopt the interface as part of their approach to integrated identity management (see ‘Developing a Strategy for Integrated Identity Management’). The Strategic decision should be formally communicated to the NHS ESR Regional RPP Project Manager. All NHS organisations within England are moving to NHS CRS Smartcard facilitated ESR access as part of the drive to improve information governance for all personal identifiable data held by the NHS. The transition to Smartcard enabled ESR access ensures staff data is secured to the same level as patient data and provides ESR users with the e-GIF level 3 security clearance in order to effect changes on NHS CRS via the ESR interface to UIM. The NHS ESR Data Team has been working closely with organisations to remove username and password access to ESR user accounts (a process known as URP lockdown). As a prerequisite to the activation of the ESR interface to UIM all ESR User Responsibility Profiles (URPs) must be locked down with the exception of the NLMS (National Learning Management System) and Employee Self Service URPs. Click here for further details regarding the ESR Smartcard enablement project.
Position Based Access Control (PBAC) – based on the PBAC toolkit. A minimum of one Access Control Position must be defined and mapped to a corresponding ESR position prior to activating the ESR interface to UIM.
Any questions regarding the Smartcard enablement of ESR users should be directed to esr.smartcard@nhs.net. Using the Position Based Access Control (PBAC) methodology (as explained in the PBAC toolkit) enables organisations to define a number of NHS CRS Access Control Positions which can be subsequently set up in UIM. These NHS CRS Access Control Positions define the access rights to NHS CRS applications needed by staff to do their job. In order for the interface to operate, the definition and relationship between ESR positions and NHS CRS Access Control Positions needs to be established. The mapping between NHS CRS Access Control Positions and ESR positions needs to be defined as part of the PBAC work so that it is clear which jobs, as defined by ESR positions, relate to which NHS CRS access rights. This mapping needs to be formally approved and signed off before the implementation of the interface commences. It is anticipated that organisations will have completed PBAC (including the mapping of ESR positions to NHS CRS Positions) prior to the implementation of UIM. It is however possible for organisations to activate the interface with a minimum of one Access Control Position mapped to a corresponding ESR position. This will allow the Access Control Position(s) to be downloaded to ESR and then linked to the appropriate ESR Position(s) as part of the implementation. Further NHS CRS Access Control Positions can be created in UIM if required, and then downloaded into ESR allowing for a progressive rollout of the interface functionality within an organisation.
ESR-RPP0005_ESR_Interface_to_UIM_Implementation_Approach_Guide_v1.0.doc
Page 8 of 30