/ESR-RPP0010_ESR_Interface_to_UIM_Deployment_As

Page 1

INTEGRATED IDENTITY MANAGEMENT (IIM) ESR INTERFACE TO UIM: DEPLOYMENT ASSESSMENT

Approvals: Paul Spooner ESR Programme Director (Acting) David Booth Interface Team Manager

Author: Date: Document Ref: Version:

Date: Date:

Chris Price 14 July 2011 ESR-RPP0010: ESR Interface to UIM: Deployment Assessment v 1.1

1. Contents 1. Contents.................................................................................................................................... 2 2. Introduction.............................................................................................................................. 3 3. Deployment Assessment Process..........................................................................................3 4. ESR Interface to UIM: Deployment Assessment – Assessment for <insert trust name>. . .4 5. Possible Assessment Outcomes and Next Steps..................................................................8

tmpst2h5C

Page 2 of 9

2. Introduction

This document is the ESR Interface to UIM: Deployment Assessment and is relevant to organisations that have activated the ESR interface to UIM as part of a strategic approach to Integrated Identity Management (IIM). The assessment should be completed locally by organisations and used as a Quality Control checkpoint to confirm the completion of the Integrated Identity Management implementation and specifically that of the deployment of the ESR interface to UIM. Successful completion of the assessment will ensure that the interface functionality is being fully utilised to maximise benefit realisation and also identify areas where further support and guidance may be required. The details of organisations that have successfully completed the Deployment Assessment will be published on the ESR IIM Web page. The activities being measured within the assessment were selected because of their critical nature in completing the deployment of the ESR interface to UIM. The purpose of the assessment is to ensure that your organisation has successfully completed the deployment of the ESR interface to UIM.

3. Deployment Assessment Process

The following section outlines the specific process for completing the Deployment Assessment. •

The ESR RPP Regional Project Manager is responsible for organising a meeting with your organisation to go through the assessment criteria.

The meeting will require specific evidence to verify the completion of the stated criteria. It is the responsibility of the organisation to deliver this.

If necessary the organisation, with advice from the ESR RPP Regional Project Manager, and where necessary the Central Teams, will produce a corrective action plan for any specific criteria that is incomplete.

If the assessment confirms that the Deployment Assessment is complete then the organisation has completed the deployment of the ESR interface to UIM. The checkpoint assessment should then be signed by the IIM Executive Sponsor and returned to the ESR RPP Regional Project Manager.

If the assessment confirms that any of the criteria is incomplete then the escalation procedure, described in Section 5 will be activated.

The details of organisations that have successfully completed the Deployment Assessment will be published on the ESR IIM Web page.

tmpst2h5C

Page 3 of 9

4.

ESR Interface to UIM: Deployment Assessment – Assessment for <insert trust name>

Either embed evidence in this document or use the Deployment Assessment Spreadsheet provided below. Interface Deployment Assessment v0.3.xls

ESR Interface to UIM Deployment Assessment – Criteria and Evidence Required Actions IIM Strategic Decision

HR, RA Process review and integration

Mandatory / Recommended Mandatory

Mandatory

Assessment Criteria Strategic decision communicated by the IIM Executive Sponsor and has the Trust Board Support. Further details available via the strategic decision toolkit. Review and revise process and procedure

Yes / No Yes / No

Yes / No

ESR Interface to UIM Business Process Scenarios document.

HR, RA processes integrated.

Yes / No

Further details available via the HR/RA integration toolkit.

Position Based Access Control (PBAC)

Mandatory

Position Based Access Control – Definition of NHS CRS Access Control Positions. Further details available via the PBAC toolkit.

tmpst2h5C

Confirmation from Trust Board or Executive with responsibility for HR or IG of decision. Letter / email provided to the ESR RPP Regional Project Manager. Note: This activity should have been completed prior to activation.

Further details available via the ESR -RPP0009

Recommended

Example / Evidence

Yes / No

Using the Business Process Pack and experience of using the interface functionality, review all local process and procedures impacted by the introduction of the ESR interface to UIM. Produce revised local processes (flowcharts) and procedures (documented procedure) as evidence. This should include agreed processes for new starters, completing identity checks, changes to person details, changes to positions/position linking etc. Processes integrated between HR and RA as evidenced by single point of identity checks, time for granting and revocation of access to NHS CRS for starters and leavers is ideally within 1 day and confirmed by the Information Governance Executive or Caldicott Guardian. NHS CRS Access Control positions have been defined and applicable to all areas of the organisation where NHS CRS applications are in use. Signed off mapping table based on a list of all ESR positions with maps to equivalent NHS CRS Access Control Positions. Signoff must be by an Executive with responsibility for information governance. Formal letter / email / board minutes required.

Page 4 of 9

ESR Interface to UIM Deployment Assessment – Criteria and Evidence Required Actions

Mandatory / Recommended Mandatory

Assessment Criteria Processes in place for definition and approval of future ESR Positions and NHS CRS Access Control Positions.

Yes / No Yes / No

Further details available via the PBAC toolkit.

Example / Evidence New ESR positions may require NHS CRS access and consequently a map/link to an NHS CRS Access Control Position. Conversely, when new NHS CRS Access Control Positions are defined these will need to be mapped and linked to ESR positions as appropriate. Processes need to be in place to ensure these considerations are taken into account when new ESR positions/NHS CRS Access Control Positions are defined. The mappings of new ESR positions to NHS CRS Access Control Positions will need to be approved as deemed appropriate by each organisation.

ESR Interface Deployment

Mandatory

Processes in place for the review of NHS CRS supplementary roles defined in ESR. The ESR NHS CRS Sponsor supplementary role has been reviewed following interface activation and additional sponsors defined and added to the workstructure hierarchy where appropriate.

Yes / No

Produce revised local processes (flowcharts) and procedures (documented procedure) as evidence. Confirmation from the IIM Project Lead that the NHS CRS Sponsor/NHS CRS RA Agent supplementary roles assigned in ESR have been reviewed and are fit for purpose. Evidence of processes in place to review the NHS CRS Sponsor/ NHS CRS RA Agent supplementary roles periodically.

The ESR NHS CRS RA Agent supplementary role has been reviewed following interface activation and additional RA Agents defined where appropriate. Further details available via the ESR-RPP0007

ESR set-up preactivation quick reference guide.

tmpst2h5C

Page 5 of 9

ESR Interface to UIM Deployment Assessment – Criteria and Evidence Required Actions

Mandatory / Recommended Mandatory

Assessment Criteria The ESR NHS CRS notification roles (below) have been reviewed following interface activation and amendments made where required.

Yes / No Yes / No

Example / Evidence Confirmation from the IIM Project Lead that the NHS CRS notification roles assigned in ESR have been reviewed and are fit for purpose. Evidence of processes in place to review the NHS CRS notification roles periodically.

NHS CRS RA Agents NHS CRS Add Employee Errors NHS CRS Add Applicant Errors

Further details available via the ESR-RPP0007

ESR set-up preactivation quick reference guide. Mandatory

The ODS/NACS code in ESR has been reviewed following interface activation and accurately reflects organisation structure.

Yes / No

Evidence of processes in place to review periodically.

Further details available via the ESR-RPP0007

Note: Any amendments to the ODS code in ESR should be discussed with the ESR RPP Regional Project Manager before being updated in ESR.

ESR set-up preactivation quick reference guide. Mandatory

The Worklist(s) defined in ESR has been reviewed following interface activation and additional Worklists have been added to the workstructure hierarchy where appropriate.

Confirmation from the IIM Project Lead that the ODS/NACS code assigned in ESR is accurate.

Yes / No

Confirmation from the IIM Project Lead that the Worklist(s) assigned to the ESR hierarchy have been reviewed and are fit for purpose. Evidence of processes in place to review periodically.

Further details available via the ESR-RPP0007

ESR set-up preactivation quick reference guide.

tmpst2h5C

Page 6 of 9

ESR Interface to UIM Deployment Assessment – Criteria and Evidence Required Actions

Mandatory / Recommended Mandatory

Assessment Criteria Ensure the allocation of the following ESR RA URPs (User Responsibility Profiles) has been reviewed following interface activation and are only assigned to RA Agents.

Yes / No Yes / No

Example / Evidence User report from ESR listing appropriate users and their user profiles. Confirmation from the IIM Project Lead that only RA Agents have access to the RA URPs. Evidence of processes in place to review periodically.

xxx HR Data Entry (With RA) xxx HR Administration (With RA) xxx RA Workbench xxx NHS Recruitment & Applicant Enrolment Administration Navigator (With RA)

Further details available via the ESR-RPP0007

ESR set-up preactivation quick reference guide. Mandatory

The linking of ESR Positions to NHS CRS Access Control Positions is complete.

Yes / No

Further details available via the ESR-RPP0008

ESR set-up post activation quick reference guide.

Recommended

Training strategy defined

Yes / No

The linking of ESR positions to NHS CRS Access Control Positions is complete for all employees within the scope of the implementation. Confirmation from the IIM Project Lead that deployment is complete. This should reference the number of staff members managed via the interface and an explanation provided for employees requiring access to NHS CRS but considered outside the scope of the implementation. Based on the training options / materials available produce a strategy for how all existing and new ESR users will be trained in the new interface functionality. A documented training strategy will be required as evidence.

The above assessments are complete and accurate, and have been evidenced as described above. Signed ………………………Executive Sponsor

Date ………………….

Signed ………………………ESR RPP Regional Project Manager Date ………………….

tmpst2h5C

Page 7 of 9

5. Possible Assessment Outcomes and Next Steps The possible outcomes from the checklist will be one of: •

Scenario 1: The Deployment Assessment confirms the completion of all mandatory and recommended criteria.

Scenario 2: The Deployment Assessment confirms the completion of all mandatory criteria but some or all of the recommended criteria is incomplete.

Scenario 3: The Deployment Assessment confirms that some or all of the mandatory criteria and some or all of the recommended criteria is incomplete.

The table below shows the three scenarios and the actions to take when the Deployment Completion Assessment has been completed. Scenario 1

2

tmpst2h5C

Mandatory Complete

Complete

Recommended Complete

Not Complete

Action • Organisation’s Project Manager / Lead delivers report to the Project Board (may also be attended by the ESR RPP Regional Project Manager). •

Subject to Project Board ratification the organisation has completed the deployment of the ESR interface to UIM.

The Checkpoint Assessment (Word document) should be signed by the organisation’s IIM Executive Sponsor and returned to the ESR RPP Regional Project Manager.

Organisation’s Project Manager / Lead delivers report to the Project Board (may also be attended by the ESR RPP Regional Project Manager).

Organisation’s Project Manager / Lead identifies and informs the Project Board on possible quality impact of incomplete recommended criteria.

Organisation’s Project Manager / Lead advises the Project Board on remedial actions to rectify incomplete recommended criteria.

Organisation’s Project Board agrees to undertake remedial actions.

Subject to Project Board ratification the organisation has completed the deployment of the ESR interface to UIM with agreed actions and timeframes in place to complete outstanding activities.

The Checkpoint Assessment (Word document) should be signed by the organisation’s IIM Executive Sponsor and returned to the ESR RPP Regional Project Manager. Page 8 of 9

Scenario

Mandatory

3

Not Complete

tmpst2h5C

Recommende d Not Complete

Action •

Organisation’s Project Manager / lead delivers report to the Project Board (may also be attended by the ESR RPP Regional Project Manager).

Organisation’s Project Board understands reasons for failing to complete the assessment.

Organisation’s Project Board agrees and commits to corrective actions within timeframes agreed with the ESR RPP Regional Project Manager.

Organisation’s Project Board and ESR RPP Regional Project Manager agree timeframes for completing the assessment and resubmitting to the Project Board.

Page 9 of 9

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.