Presentation is loading. Please wait.

Presentation is loading. Please wait.

ESR Interface to UIM: Doc Ref: ESR_Interface_to_UIM_TCS_Guide_v1 Transforming Community Services (TCS) Workshop

Similar presentations


Presentation on theme: "ESR Interface to UIM: Doc Ref: ESR_Interface_to_UIM_TCS_Guide_v1 Transforming Community Services (TCS) Workshop"— Presentation transcript:

1 ESR Interface to UIM: Doc Ref: ESR_Interface_to_UIM_TCS_Guide_v1 Transforming Community Services (TCS) Workshop rface_to_UIM_TCS_Guide_v1_02.pdf

2 Agenda Purpose of the workshop Background information How the ESR interface to UIM works Implications of TCS for IIM Implications of TCS for the ESR interface to UIM –ESR soft split –ODS restructure –Configure ESR following ODS restructure –ESR VPD restructure Next steps – What do I need to do next? Questions

3 Purpose of the workshop The Transforming Community Services (TCS) programme supports the vision of the Government’s White paper. ‘Equity and Excellence: Liberating the NHS’. TCS is working closely with Strategic Health Authorities (SHAs) to ensure Primary Care Trusts (PCTs) separate commissioning of services from provision, commencing April The TCS programme will have implications for the tools that have been introduced to support IIM: –UIM; –ESR interface to UIM.

4 Integrated Identity Management (IIM); Background information IIM allows organisations to make significant cost savings by combining the parallel activities involved in verifying employee identity and allowing access to computer systems linked to the NHS Spine (NHS CRS). Strategic approaches to IIM: –UIM; –ESR interface to UIM. Calendra support withdrawn from 31 st March 2011.

5 The ESR interface to UIM: Pre-requisites and Configuration The set-up activities have implications for the way in which messages are sent to UIM post interface activation. This is therefore relevant to the TCS discussion. –UUID Data Load –UIM set-up activities –ESR set-up activities ODS/NACS code(s) Worklist(s) Sponsor(s) ESR VPD1 UIM ODS A Worklist A Flow of messages via the interface

6 ESR interface to UIM (High Level Overview) Mandatory Employment Checks ESR Position Access Control Position Access Control Position Access to NHS CRS Compliant Applications Defined in UIM Grant/Revoke Person Update Associate UUID Change to ASG Status AssignmentLink ESR PERSON RECORD UIM USER RECORD Active/InactiveSet e-GIF flag Define/amend and download

7 The ESR interface to UIM: How it works The association of the ESR person record to the NHS CRS user record will result in the following: –E-GIF flag set to “Y” in ESR; –UUID populated in ESR from NHS CRS. Following association messages can flow between ESR and NHS CRS. –Person details locked once a modify user request is granted. –Person and access details are locked once the ESR Position linking is completed. If ESR person record is assigned an ESR position linked to NHS CRS Access Control Position a message will be sent to UIM granting access - it will not be possible to amend access rights in UIM from this point.

8 The ESR interface to UIM: Implications of TCS Organisations will undergo restructuring which will result in staff members crossing organisational boundaries. This will need to be reflected in NHS CRS (ODS code) and ESR (VPD). The movement of staff between NHS CRS/ODS and ESR/VPD is likely to take place within differing timeframes. Local configuration changes may be required as a result.

9 It is anticipated that the ODS restructure will take place prior to the ESR VPD restructure. The timeline of events is therefore expected to be: Organisations legally merge NHS CRS ODS restructure ESR VPD restructure The ESR interface to UIM: Implications of TCS

10 VPD 1 (PCT) (Commissioner + Provider) ODS A (Commissioner + Provider) VPD 2 (Acute) (Provider) ODS B (Provider) Relationship between VPD and ODS (Current status)

11 The ESR interface to UIM: Implications of TCS VPD 1 (PCT) (Commissioner + Provider) ODS A (Commissioner) VPD 2 (Acute) (Provider) ODS B (Provider) Relationship between VPD and ODS (Post ODS restructure) ODS B (Provider) Provider arm staff transfer from ODS A to ODS B

12 The ESR interface to UIM: Implications of TCS VPD 1 (PCT) (Commissioner) ODS A (Commissioner) VPD 2 (Acute) (Provider) ODS B (Provider) Relationship between VPD and ODS (Post VPD restructure) Provider arm staff Transfer to VPD 2

13 The ESR interface to UIM: Implications of TCS Step 1 Source VPD completes ‘soft split’ Step 2 Undertake the ODS restructure Step 3 Configure ESR following ODS restructure Step 4 Complete ESR VPD restructure

14 Step 1 – Complete ESR ‘Soft Split’ Communicated by ESR User Notice 1241 on 6 th September VPD is restructured and data partitioned by use of separate structures/payrolls within the single VPD. Organisations that have activated the interface need to ensure the NHS CRS Access Control Positions are unique to the sub-organisation. VPD 1 (PCT) VPD 1 (Commissioner) VPD 1 (Provider) ODS A (Commissioner + Provider)

15 Step 2 – Undertake ODS restructure Supported by the NHS CfH ODS Team using OMS (Organisation Migration Service) tools to migrate users, associated access profiles and NHS CRS Access Control Positions from one ODS to another. The ‘Migration of Spine Smartcard Users OMS Process for User Migration’ provides further details. Available for download from: services/data/sds/user-migration The above document defines the process for identifying: –Which users need to be migrated; –The system used to manage each user; –NHS CRS Access Control Positions to be migrated; –Migration method to be used for each user.

16 Step 3 – Configure ESR following the ODS restructure Configuration of the interface will be influenced by the interface activation status at both the Source and Target VPD. –Scenario 1 - Source Active/Target Active Source and Target VPD have both activated the interface. –Scenario 2 – Source Active/Target Inactive Source VPD has activated the interface but the Target VPD has not. –Scenario 3 – Source Inactive/Target Active Source VPD has not activated the interface but the Target VPD has. –Scenario 4 – Source Inactive/Target Inactive Neither the Source nor Target VPD have activated the interface.

17 Scenario 1 – Source Active/Target Active Option 1 – Manage person details and access rights at ODS B via the interface at VPD 1 (preferred option) VPD 1 (PCT) Interface Active VPD 1 (Commissioner) VPD 1 (Provider) ODS A (Commissioner) ODS B (Provider) VPD 2 (Acute) Interface Active ODS B (Provider) Flow of messages from ESR to UIM via the interface Predecessor positions

18 Supplementary information NHS CRS access rights and person details for those users that have transferred to ODS B will continue to be managed via the interface at VPD1. Employees not assigned ESR positions linked to NHS CRS Access Control Positions can continue to have access at ODS B managed via UIM or Calendra. Predecessor positions can be defined at ODS B to maintain access to ODS A (if required). The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. A number of configuration changes will be required in ESR to achieve this configuration.

19 Configuration changes required in ESR Action 1 – VPD1 needs to submit a service request (SR) for ODS B to be added against VPD1 (At a time agreed with ODS B). Action 2 – The NHS CRS Access Control Positions and Worklists defined in UIM at ODS B will then need to be downloaded to VPD1. Action 3 - All users transferring from ODS A who have access managed via the interface must be assigned NHS CRS Access Control Positions defined in ODS B. –Automatically –Manually Action 4 – Update ODS and Worklist at appropriate level in the ESR hierarchy (i.e. within the ESR soft split). Action 5 – Review NHS CRS sponsor supplementary role and RA notification role. Action 6 – Remove predecessor links at a time agreed with ODS A and ODS B.

20 Scenario 1 – Source Active/Target Active Option 2 – Continue to manage person details and access rights via the interface at VPD1/ODS A and manage access rights at ODS B via UIM or Calendra VPD 1 (PCT) Interface Active VPD 1 (Commissioner) VPD 1 (Provider) ODS A (Commissioner) ODS B (Provider) VPD 2 (Acute) Interface Active ODS B (Provider) Flow of messages from ESR to UIM via the interface Access managed via UIM

21 Supplementary information Access rights for users that have migrated to ODS B would continue to be sent to ODS A via the interface, until NHS CRS Access Control Positions have been unlinked from ESR positions at VPD1. Person detail updates will continue to be sent to ODS A via the interface from VPD1. The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. The staff members can be linked to NHS CRS Access Control Positions in VPD2 upon completion of the ESR restructure. No additional configuration changes will be required in ESR at VPD1.

22 Scenario 2 – Source Active/Target Inactive Option 1 – Manage person details and access rights at ODS B via the interface at VPD 1 (preferred option) VPD 1 (PCT) Interface Active VPD 1 (Commissioner) VPD 1 (Provider) ODS A (Commissioner) ODS B (Provider) VPD 2 (Acute) Interface Inactive ODS B (Provider) Flow of messages from ESR to UIM via the interface Access managed via UIM Predecessor positions

23 Supplementary information NHS CRS access rights and person details for those users that have transferred to ODS B will continue to be managed via the interface at VPD1. Employees not assigned ESR positions linked to NHS CRS Access Control Positions can continue to have access at ODS B managed via UIM or Calendra. Predecessor positions can be defined at ODS B to maintain access to ODS A (if required). The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. A number of configuration changes will be required in ESR to achieve this configuration.

24 Configuration changes required in ESR Action 1 – VPD1 needs to submit a service request (SR) for ODS B to be added against VPD1 (At a time agreed with ODS B). Action 2 – The NHS CRS Access Control Positions and Worklists defined in UIM at ODS B will then need to be downloaded to VPD1. Action 3 - All users transferring from ODS A who have access managed via the interface must be assigned NHS CRS Access Control Positions defined in ODS B. –Automatically –Manually Action 4 – Update ODS and Worklist at appropriate level in the ESR hierarchy (i.e. within the ESR soft split). Action 5 – Review NHS CRS sponsor supplementary role and RA notification role. Action 6 – Remove predecessor links at a time agreed with ODS A and ODS B.

25 Scenario 2 – Source Active/Target Inactive Option 2 – Continue to manage person details and access rights via the interface at VPD1/ODS A and manage access rights at ODS B via UIM or Calendra VPD 1 (PCT) Interface Active VPD 1 (Commissioner) VPD 1 (Provider) ODS A (Commissioner) ODS B (Provider) VPD 2 (Acute) Interface Active ODS B (Provider) Flow of messages from ESR to UIM via the interface Access managed via UIM

26 Supplementary information Access rights for users that have migrated to ODS B would continue to be sent to ODS A via the interface, until NHS CRS Access Control Positions have been unlinked from ESR positions at VPD1. Person detail updates will continue to be sent to ODS A via the interface from VPD1. The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. The staff members can be linked to NHS CRS Access Control Positions in VPD2 upon completion of the ESR restructure. No additional configuration changes will be required in ESR at VPD1.

27 Scenario 3 – Source Inactive/Target Active VPD 1 (PCT) Interface Inactive VPD 1 (Commissioner) VPD 1 (Provider) ODS B (Provider) VPD 2 (Acute) Interface Active ODS B (Provider) Flow of messages from ESR to UIM via the interface Access managed via UIM ODS A (Commissioner)

28 Supplementary information The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. If the users being transferred to ODS B still require access to ODS A this can be achieved via the definition of predecessor positions at ODS B in UIM. No additional configuration changes will be required in ESR at VPD1 or VPD2. The staff members can be linked to NHS CRS Access Control Positions at VPD2, and therefore managed via the interface, upon completion of the ESR restructure.

29 Scenario 4 – Source Inactive/Target Inactive VPD 1 (PCT) Interface Inactive VPD 1 (Commissioner) VPD 1 (Provider) ODS B (Provider) VPD 2 (Acute) Interface Inactive ODS B (Provider) Access managed via UIM ODS A (Commissioner)

30 Supplementary information The NHS CfH ODS Team can facilitate the copying of NHS CRS Access Control Positions from ODS A to ODS B as part of the ODS restructure. If the users being transferred to ODS B still require access to ODS A this can be achieved via the definition of predecessor positions at ODS B in UIM. No additional configuration changes will be required in ESR at VPD1 or VPD2. The interface can be subsequently activated at both VPDs. NHS CRS Access Control Positions can then be downloaded and linked to ESR positions to manage NHS CRS Access via the interface.

31 Step 4 – Complete the ESR VPD Restructure Final stage of the restructuring process and can be facilitated by IAT or merge/de-merge. –Merge – Where one or more whole source Employing Authorities are joined to a new or existing target Employing Authority. Recommended where staff transferring > 100. –De-merge – A complete transfer of a group of employees from one Employing Authority to another. Recommended where staff transferring > 100 –Inter Authority Transfer (IAT) – Functionality within ESR designed to remove the manual processes associated with NHS transfer forms. Can be completed without Central Team involvement. Recommended where staff transferring < 100.

32 Merge/De-merge - Key Considerations If Source VPD has activated the interface but Target VPD has not it will not be possible to complete the merge/de- merge until the target VPD has activated the interface. If the Target VPD has activated the interface but the source VPD has not, it is recommended that the source VPD completes a UUID data load in advance of the merge/de- merge. The UUID and e-GIF flag will be transferred from one VPD to another as part of the merge/de-merge. Links between ESR Positions and NHS CRS Access Control Positions that exist at the source VPD at the time of the merge/de-merge will be copied across to the target VPD. Configuration must be considered. Merge/de-merge availability and capacity subject to ongoing discussions between the NHS ESR Central Team and McKesson.

33 IAT - Key Considerations The UUID and e-GIF flag WILL NOT be transferred as part of an IAT. Identity checks will therefore need to be recorded in ESR and the person record associated to NHS CRS in order to manage NHS CRS rights access for the employee via the interface at the Target VPD. An IAT requires a termination of employment at the Source Employing Authority. If the interface is active, and the employee is assigned an ESR position linked to an NHS CRS Access Control Position, this will result in NHS CRS access being revoked (at that organisation) from the termination date.

34 VPD restructure in advance of ODS restructure – Merge/de-merge VPD 1 (PCT) Interface Active VPD 1 (Commissioner) VPD 1 (Provider) Flow of messages via the interface ODS A (Commissioner) VPD 2 (PCT) Interface Active VPD 2 (Provider) Transferred from VPD1 Flow of messages via the interface ODS A (Provider) ODS B (Provider) Approach not recommended by the NHS ESR Central Team. Provider staff transfer from VPD1 to VPD2

35 VPD restructure in advance of ODS restructure – IAT VPD 2 (Acute) (PCT) Interface Active ODS B (Provider) VPD 1 (PCT) (Commissioner) Interface Inactive ODS A (Provider) Access managed via UIM or Calendra ODS A (Provider) Access rights managed via the interface Employees from the provider arm have transferred to VPD 2 Remember: IAT revokes access at the source ODS. This will need to be carefully managed. Users can be managed via the interface upon completion of the ODS restructure.

36 What if my organisation completes the VPD restructure in advance of ODS restructure and wants to activate the interface? It is recommended that the Target Employing Authority uses the interface to control access at the Target ODS only. Any access required at the previous ODS can be managed via UIM until the ODS restructure has been completed. At which point the staff members can be assigned ESR Positions linked to NHS CRS Access Control Positions and managed via the interface at the Target VPD. Refer to the ‘Implications of the Transforming Community Services (TCS) Programme for the ESR interface to UIM’ document for further details.

37 Updating the ODS code in ESR Important Note: Updating the ODS code assigned to the ESR hierarchy will result in the interface initiating messages to grant access against the new ODS code before revoking access against the old ODS code for all users within the org unit that have access managed via the interface. The ODS code assigned to the ESR hierarchy should therefore be updated with caution. Refer to ESR guidance material for further details ‘Implications of the Transforming Community Services (TCS) Programme for the ESR interface to UIM’. projects/integrated-identity-management

38 NHS CRS Smartcard Enabled ESR Access Access to ESR via NHS CRS Smartcard requires a user to have a Job Role on NHS CRS – This is not ODS specific. ODS restructure should not therefore impact access to ESR via NHS CRS Smartcard so long as the user continues to have a Job Role assigned to an ODS code in NHS CRS and a UUID in ESR. Following ODS restructure it is possible that a ‘new’ ODS code will need to be assigned to the ESR workstructure hierarchy. This activity will not impact ESR access (i.e. the ODS code stored in ESR does not affect ESR access via NHS CRS Smartcard) but will have implications where NHS CRS access rights are managed via the interface. Refer to guidance.

39 Breakout – Implications of TCS for ESR Interface to UIM IIM TCS Lead? IIM Strategic Decision? Merge/Demerge/IAT? Soft Split complete? ODS Re-structure – when? Scenario & Option?

40 Feedback – Implications of TCS for ESR Interface to UIM Questions from Breakout IIM TCS Lead? IIM Strategic Decision? Merge/Demerge/IAT? Soft Split complete? ODS Re-structure – When? Scenario & Option?

41 Next Steps 1.IIM Strategic Decision. –If UIM only progress UIM implementation. –If ESR interface –Refer to IIM Initiation Guide for further details 2.Complete the ESR soft split. 3.Progress the ODS migration as outlined within the ‘Migration of Spine Smartcard Users OMS Process for User Migration’ document provided by NHS CfH. services/data/sds/user-migration 4.Configure ESR as detailed within the ‘Implications of the Transforming Community Services (TCS) Programme for the ESR interface to UIM’ document. projects/integrated-identity-management 5.Complete the ESR VPD restructure.

42 Questions? ESR RPP Regional Project Managers can provide support and guidance regarding TCS and implications for the ESR interface to UIM. ESR Regional RPP Project Manager –Matthew Hopkinson Tel:


Download ppt "ESR Interface to UIM: Doc Ref: ESR_Interface_to_UIM_TCS_Guide_v1 Transforming Community Services (TCS) Workshop"

Similar presentations


Ads by Google