THE ELECTRONIC STAFF
RECORD PROGRAMME
NATIONAL HEALTH SERVICE
ESR-NHS0188
INTEGRATED IDENTITY
MANAGEMENT (IIM)
ESR INTERFACE TO UIM:
DEPLOYMENT ASSESSMENT
Information Classification: Commercial in Confidence
Owner:
Author:
Date:
Version:
David Booth
Chris Price
28 June 2013
v 2.0
Approvals:
Paul Spooner
ESR Programme Director
David Booth
ESR Systems Integration Team
Manager
Contents
1.
Contents ............................................................................................................................. 2
2.
Introduction........................................................................................................................ 3
3.
Deployment Assessment Process.................................................................................... 3
4.
ESR Interface to UIM: Deployment Assessment ............................................................. 4
5.
Possible Assessment Outcomes and Next Steps ........................................................... 8
81913771
Page 2 of 9
1.
Introduction
This document is the ESR Interface to UIM: Deployment Assessment and is relevant to
organisations that have activated the ESR interface to UIM as part of a strategic approach to
Integrated Identity Management (IIM).
The assessment should be completed locally by organisations and used as a Quality Control
checkpoint to confirm the completion of the Integrated Identity Management implementation and
specifically that of the deployment of the ESR interface to UIM. Successful completion of the
assessment will ensure that the interface functionality is being fully utilised to maximise benefit
realisation and also identify areas where further support and guidance may be required.
The activities being measured within the assessment were selected because of their critical
nature in completing the deployment of the ESR interface to UIM.
The purpose of the assessment is to ensure that your organisation has successfully
completed the deployment of the ESR interface to UIM.
2.
Deployment Assessment Process
The following section outlines the specific process for completing the Deployment Assessment.

Organisations are required to review the assessment criteria outlined in section 4 of this
document and gather evidence in order to verify completion as appropriate. Any queries
regarding the assessment criteria or evidence to be submitted should be directed to
[email protected].

The completed Deployment Assessment and associated evidence should be submitted to
[email protected] for review.

If necessary the organisation, with advice from the NHS ESR Central Team, will produce a
corrective action plan for any specific criteria that is incomplete.

If the assessment confirms that the Deployment Assessment is complete then the
organisation has completed the deployment of the ESR interface to UIM. The checkpoint
assessment should then be signed by the IIM Executive Sponsor and returned to
[email protected].

If the assessment confirms that any of the criteria is incomplete then the escalation
procedure, described in Section 5 will be activated.

It is the intention to publish the details of organisations that have successfully completed the
Deployment Assessment on the ESR IIM Web page.
81913771
Page 3 of 9
3.
ESR Interface to UIM: Deployment Assessment –
Assessment for <insert trust name>
Either embed evidence in this document or use the Deployment Assessment Spreadsheet
provided below.
Interface
Deployment Assessment.xlsx
ESR Interface to UIM Deployment Assessment – Criteria and Evidence
Required
Actions
IIM Strategic
Decision
Mandatory /
Recommended
Mandatory
Assessment Criteria
Strategic decision
communicated by the IIM
Executive Sponsor and has
the Trust Board Support.
Yes
/ No
Yes
/ No
Example / Evidence
Yes
/ No
Using the Business Process Pack
and experience of using the
interface functionality, review all
local process and procedures
impacted by the introduction of the
ESR interface to UIM.
Further details available via
the strategic decision
toolkit.
HR, RA
Process
review and
integration
Mandatory
Review and revise process
and procedure
Further details available via
the ESR-NHS0187 ESR
Interface to UIM Business
Process Scenarios
document.
Recommended
HR, RA processes
integrated.
Yes
/ No
Further details available via
the HR/RA integration
toolkit.
Position
Based
Access
Control
(PBAC)
Mandatory
Position Based Access
Control – Definition of NHS
CRS Access Control
Positions.
Further details available via
the PBAC toolkit.
81913771
Page 4 of 9
Yes
/ No
Confirmation from Trust Board or
Executive with responsibility for
HR or IG of decision. Letter / email
provided to
[email protected]
Note: This activity should have
been completed prior to activation.
Produce revised local processes
(flowcharts) and procedures
(documented procedure) as
evidence. This should include
agreed processes for new starters,
completing identity checks,
changes to person details,
changes to positions/position
linking etc.
Processes integrated between HR
and RA as evidenced by single
point of identity checks, time for
granting and revocation of access
to NHS CRS for starters and
leavers is ideally within 1 day and
confirmed by the Information
Governance Executive or Caldicott
Guardian.
NHS CRS Access Control
positions have been defined and
applicable to all areas of the
organisation where NHS CRS
applications are in use. Signed off
mapping table based on a list of all
ESR positions with maps to
equivalent NHS CRS Access
Control Positions. Signoff must be
by an Executive with responsibility
for information governance. Formal
letter / email / board minutes
required.
ESR Interface to UIM Deployment Assessment – Criteria and Evidence
Required
Actions
Mandatory /
Recommended
Mandatory
Assessment Criteria
Processes in place for
definition and approval of
future ESR Positions and
NHS CRS Access Control
Positions.
Yes
/ No
Yes
/ No
Further details available via
the PBAC toolkit.
Example / Evidence
New ESR positions may require
NHS CRS access and
consequently a map/link to an
NHS CRS Access Control
Position. Conversely, when new
NHS CRS Access Control
Positions are defined these will
need to be mapped and linked to
ESR positions as appropriate.
Processes need to be in place to
ensure these considerations are
taken into account when new ESR
positions/NHS CRS Access
Control Positions are defined.
The mappings of new ESR
positions to NHS CRS Access
Control Positions will need to be
approved as deemed appropriate
by each organisation.
ESR
Interface
Deployment
Mandatory
Processes in place for the
review of NHS CRS
supplementary roles
defined in ESR.
The ESR NHS CRS
Sponsor supplementary
role has been reviewed
following interface
activation and additional
sponsors defined and
added to the workstructure
hierarchy where
appropriate.
The ESR NHS CRS RA
Agent supplementary role
has been reviewed
following interface
activation and additional RA
Agents defined where
appropriate.
Further details available via
the ESR-RPP0007 ESR
set-up pre-activation quick
reference guide.
81913771
Page 5 of 9
Yes
/ No
Produce revised local processes
(flowcharts) and procedures
(documented procedure) as
evidence.
Confirmation from the IIM Project
Lead that the NHS CRS
Sponsor/NHS CRS RA Agent
supplementary roles assigned in
ESR have been reviewed and are
fit for purpose.
Evidence of processes in place to
review the NHS CRS Sponsor/
NHS CRS RA Agent
supplementary roles periodically.
ESR Interface to UIM Deployment Assessment – Criteria and Evidence
Required
Actions
Mandatory /
Recommended
Mandatory
Assessment Criteria
The ESR NHS CRS
notification roles (below)
have been reviewed
following interface
activation and amendments
made where required.
Yes
/ No
Yes
/ No
Mandatory
Yes
/ No
Mandatory
The Worklist(s) defined in
ESR has been reviewed
following interface
activation and additional
Worklists have been added
to the workstructure
hierarchy where
appropriate.
Further details available via
the ESR-RPP0007 ESR
set-up pre-activation quick
reference guide.
Ensure the allocation of the
following ESR RA URPs
(User Responsibility
Profiles) has been reviewed
following interface
activation and are only
assigned to RA Agents.
xxx HR Data Entry (With RA)
xxx HR Administration (With RA)
xxx RA Workbench
xxx NHS Recruitment & Applicant
Enrolment Administration
Navigator (With RA)
Further details available via
the ESR-RPP0007 ESR
set-up pre-activation quick
reference guide.
81913771
Page 6 of 9
Confirmation from the IIM Project
Lead that the ODS/NACS code
assigned in ESR is accurate.
Evidence of processes in place to
review periodically.
Further details available via
the ESR-RPP0007 ESR
set-up pre-activation quick
reference guide.
Mandatory
Confirmation from the IIM Project
Lead that the NHS CRS
notification roles assigned in ESR
have been reviewed and are fit for
purpose.
Evidence of processes in place to
review the NHS CRS notification
roles periodically.
NHS CRS RA Agents
NHS CRS Add Employee Errors
NHS CRS Add Applicant Errors
Further details available via
the ESR-RPP0007 ESR
set-up pre-activation quick
reference guide.
The ODS/NACS code in
ESR has been reviewed
following interface
activation and accurately
reflects organisation
structure.
Example / Evidence
Yes
/ No
Note: Any amendments to the
ODS code in ESR should be
requested via SR to McKesson
Remedy before being updated in
ESR.
Confirmation from the IIM Project
Lead that the Worklist(s) assigned
to the ESR hierarchy have been
reviewed and are fit for purpose.
Evidence of processes in place to
review periodically.
Yes
/ No
User report from ESR listing
appropriate users and their user
profiles. Confirmation from the IIM
Project Lead that only RA Agents
have access to the RA URPs.
Evidence of processes in place to
review periodically.
ESR Interface to UIM Deployment Assessment – Criteria and Evidence
Required
Actions
Mandatory /
Recommended
Mandatory
Assessment Criteria
The linking of ESR
Positions to NHS CRS
Access Control Positions is
complete.
Yes
/ No
Yes
/ No
Further details available via
the ESR-RPP0008 ESR
set-up post activation quick
reference guide.
Recommended
Training strategy defined
Yes
/ No
Example / Evidence
The linking of ESR positions to
NHS CRS Access Control
Positions is complete for all
employees within the scope of the
implementation.
Confirmation from the IIM Project
Lead that deployment is complete.
This should reference the number
of staff members managed via the
interface and an explanation
provided for employees requiring
access to NHS CRS but
considered outside the scope of
the implementation.
Based on the training options /
materials available produce a
strategy for how all existing and
new ESR users will be trained in
the new interface functionality.
A documented training strategy will
be required as evidence.
The above assessments are complete and accurate, and have been evidenced as described
above.
Signed ………………………Executive Sponsor
Date ………………….
Signed ………………………ESR NHS Central Team
Date ………………….
81913771
Page 7 of 9
4.
Possible Assessment Outcomes and Next Steps
The possible outcomes from the checklist will be one of:

Scenario 1: The Deployment Assessment confirms the completion of all mandatory and
recommended criteria.

Scenario 2: The Deployment Assessment confirms the completion of all mandatory criteria
but some or all of the recommended criteria is incomplete.

Scenario 3: The Deployment Assessment confirms that some or all of the mandatory criteria
and some or all of the recommended criteria is incomplete.
The table below shows the three scenarios and the actions to take when the Deployment
Completion Assessment has been completed.
Scenario
1
2
Mandatory
Complete
Complete
Recommended
Complete
Not Complete
Action

Organisation’s Project Manager / Lead
delivers report to the Project Board

Subject to Project Board ratification the
organisation has completed the deployment
of the ESR interface to UIM.

The Checkpoint Assessment (Word
document) should be signed by the
organisation’s IIM Executive Sponsor and
returned to [email protected].

Organisation’s Project Manager / Lead
delivers report to the Project Board.

Organisation’s Project Manager / Lead
identifies and informs the Project Board on
possible quality impact of incomplete
recommended criteria.

Organisation’s Project Manager / Lead
advises the Project Board on remedial
actions to rectify incomplete recommended
criteria.

Organisation’s Project Board agrees to
undertake remedial actions.

Subject to Project Board ratification the
organisation has completed the deployment
of the ESR interface to UIM with agreed
actions and timeframes in place to complete
outstanding activities.

The Checkpoint Assessment (Word
document) should be signed by the
organisation’s IIM Executive Sponsor and
returned to [email protected].
81913771
Page 8 of 9
Scenario
3
Mandatory
Not Complete
Recommended Action
Not Complete

Organisation’s Project Manager / lead
delivers report to the Project Board

Organisation’s Project Board understands
reasons for failing to complete the
assessment.

Organisation’s Project Board agrees and
commits to corrective actions within
timeframes agreed with the NHS ESR
Central Team (via
[email protected]).

Organisation’s Project Board and NHS
ESR Central Team agree timeframes for
completing the assessment and
resubmitting to the Project Board.
81913771
Page 9 of 9