Roles & Responsibilities for NHAIS (Exeter) System Key Users

Transcription

1 Document filename: NHAIS Key User Roles and Responsibilities.docx Directorate / Programme HSCIC Project SSD Document Reference DOC Project Manager Sean Walsh Status Approved Owner Norman Raphael Version 4.4 Author Saghir Akbar Version issue date 11/06/2015 Roles & Responsibilities for NHAIS (Exeter) System Key Users Copyright 2013 Health and Social Care Information Centre

2 Document Management Revision History Version Date Summary of Changes /4/2010 First version using controlled document template plus the inclusion of the User Authentication Process /2/2011 S3.3 amended to include SP_M address validity responsibility (Change 3700) S2.1.3 and s3.3.8 amended as per National Service Delivery Manager s comments National Service Delivery Manager approved v /1/14 HSCIC Rebranded Amended with updated links and SDM details S2.1 and s3.3 Exeter Helpdesk number amended, S3.1 Reference to padded envelope inserted Appendix:. Newcastle SDM address updated, Additional Exeter SDMs contact details inserted. Reviewers This document must be reviewed by the following people: Reviewer name Title / Responsibility Date Version Norman Raphael National Service Delivery Manager Approved by This document must be approved by the following people: author to indicate approvers Name Signature Title Date Version Norman Raphael National Service Delivery Manager Glossary of Terms Term / Abbreviation What it stands for Document Control: The controlled copy of this document is maintained in the HSCIC corporate network. Any copies of this document held outside of that area, in whatever format (e.g. paper, attachment), are considered to have passed out of control and should be checked for currency and validity. Page 2 of 11

3 Contents 1. Introduction Background Purpose 4 2. General Responsibilities of the Key User Act as a first point of contact for users of the system relating to day-today issues Act as the first point of contact for the SSD Service Delivery Manager and/or Support Manager Act as an intermediary between Health and Social Care Information Centre and staff using the NHAIS (Exeter) System Act as an intermediary between hardware engineers and Health and Social Care Information Centre Support personnel and/or PCT staff Take responsibility for the User Authentication Process 6 3. Technical Responsibilities of the Key User System Monitoring Tasks: Password/Access Maintenance NHAIS (Exeter) System Access Maintenance GP Payments System Security Other Security responsibilities Miscellaneous Housekeeping 9 4. System Administrator Appendix A: Service Delivery Manager Contact Details 11 Page 3 of 11

4 1. Introduction 1.1. Background Taking on the role of a Key User for the NHAIS (Exeter) System requires a good all-round knowledge and understanding of the business processes for which the system is used, together with a detailed knowledge of day to day operational aspects of the system Registration, Finance, Preventative Healthcare, ICM and System Administration. It is vital for the Key User to understand the importance of routine maintenance to ensure the integrity of the database, although many of the individual tasks may be delegated to other responsible staff. It should be noted that overall responsibility for good practice and effective operation of the system lies with the Key User and should therefore be of primary concern for the person allocated this role Purpose This document is intended as a guide and does not represent an exhaustive list of activities, as it is likely to be the case that responsibilities will vary depending on organisational structure. 2. General Responsibilities of the Key User 2.1. Act as a first point of contact for users of the system relating to day-to-day issues For example: Provide the initial investigation of problems with printers, PCs, terminals, etc.(e.g. checking of cable connections). For further details refer to: - Deal with queries relating to the uploading/downloading of files. - Deal with issues relating to passwords, security, etc. The Remote Site Check Exception Report, which is sent to Key Users monthly, will assist with this. - Remote Site Visit Check 4: relates to Exeter Unix accounts and highlights UNIX accounts without a password, Generic logins, redundant accounts and duplicate accounts. - Remote Site Visit Check 1: checks the nightly application backup and will raise a log if three backups in a row have failed. - Remote Site Visit Check 2: checks that the nightly application backup list is full and complete. - Remote Site Visit Check 39: checks Cache database space on a twice daily basis. - Remote Site Visit Check 3: checks that the ICM system is functioning correctly every half an hour. A support call is raised if the ICM system doesn t appear to be fully functional after 2½ hours. Ensure any problems within the Exeter system are reported to the National Helpdesk in Exeter ( ). Thereafter, to record and monitor incident logs and ensure that problems are resolved in a satisfactory manner. Page 4 of 11

5 2.2. Act as the first point of contact for the SSD Service Delivery Manager For example: Be the addressee for any written communication to the organisation regarding the terms of the NHAIS support service ensuring that documents are passed to the appropriate person for attention (if not themselves). Ensure appropriate colleagues accompany them to Service Review Meetings arranged by the Service Delivery Manager. Liaise with the Service Delivery Manager regarding any ad-hoc consultancy or implementation work that may be required. Take responsibility for ensuring that members of staff using the NHAIS (Exeter) System are provided with the appropriate level of training. Provide information and guidance in respect of any issues arising from the preventative healthcare audits Act as an intermediary between Health and Social Care Information Centre SSD and staff using the NHAIS (Exeter) System For example: Communicate information relating to software updates, feature faxes, etc. to members of staff using the system. In particular, ensure that s received in the generic box are distributed to the appropriate staff. Arrange actual site visits as required (by contacting the Service Delivery Manager) and ensure local users are made aware of any such visits from Health and Social Care Information Centre NHAIS support staff. Notify users of system downtime or restricted availability due to activities of Health and Social Care Information Centre NHAIS Support. Review remote site visit reports and ensure any identified issues are progressed. Attend (or ensure appropriate attendance) at product or area focused User Group meetings and represent the interests of their organisation, including, for example, proposing suggested improvements to or modifications to the NHAIS (Exeter) System. Ensure that any prerequisite activities for on-site work are completed prior to the member of support staff attending. Communicate details of SLA arrangements to staff using the system. Ensure any planned changes to the environment in which the NHAIS (Exeter) System operates in are notified in advance to the Service Delivery Manager. For example, changes to network configuration. Ensure that appropriate staff have specific responsibilities for any jobs that require scheduling. Page 5 of 11

6 2.4. Act as an intermediary between hardware engineers and Health and Social Care Information Centre Support personnel and/or Area Team staff For example: Contact hardware engineers when requested to do so by Health and Social Care Information Centre Support personnel or users. (The most likely reasons for contacting an engineer would be to resolve printer malfunctions and problems with disks or tape drives.) To ensure that maintenance to hardware and software upgrades is carried out with the minimum disturbance to the daily operation of the system. To ensure adequate cover of these duties during periods of absence of the Key User (e.g. holiday) Take responsibility for the User Authentication Process In order to ensure the accuracy of the information held on HPOV (HP Open View the call logging tool used by SSD), the Key User should assume the responsibility of following the process for informing HSCIC of new contacts in advance, or advising of any contacts which can be disabled. The process comprises four main areas: On-going advanced notification of authenticated contacts, or contacts to be disabled from the HPOV system Key Users must provide at least two weeks advanced notification of new contacts or contacts to be disabled from the system. Key Users will provide information via a template (provided by SSD), sent to the Helpdesk and copied to the SDM for information. The Help Desk will confirm that the request has been completed to the Key User (and in the case of a new authenticated contact, the contact themselves). Regular audit of HPOV contacts to ensure that they remain current The Key User will be provided with a report to allow them to audit HPOV contacts this to be repeated every 6 months. The report will contain Organisation, Forenames and Surname. A column will be provided for the Key User to mark contacts as disabled. The report will also indicate whether a contact has raised a HPOV call within the past 18 months. If SSD does not hear back from Key Users within 4 weeks, these contacts will be automatically disabled from HPOV. Should these contacts need to be reinstated, they will be required to follow the authentication process. Unauthenticated caller process The Help Desk staff will not raise service calls for unauthenticated users (whether the request is made by phone, fax or ). The caller will be advised that they are not an authenticated caller for the organisation, and that they are required to follow an authentication process controlled by their NHAIS Key User (Key User details will be provided if necessary). The caller will also be advised to ask a colleague (who is authenticated on the HPOV system) to raise the service call on their behalf. Should the authenticated caller require further contact on the call to be made through the unauthenticated caller, this will need to be made clear when raising the call. Any further Page 6 of 11

7 calls will need to be raised in a similar way until the Key User has followed the process detailed under paragraph i) above. On-going validation of HPOV authenticated caller details At least every 6-9 months, the Help desk will make a spot check on users details when they call the desk to ensure that caller details in the HPOV system are accurate (e.g. telephone numbers, addresses). 3. Technical Responsibilities of the Key User The technical responsibilities can be split into 3 categories of task: System Monitoring; Password/Access Maintenance; and Miscellaneous Housekeeping System Monitoring Tasks: Responsible for ensuring that the daily backup of the NHAIS (Exeter) System is performed and its successful completion is confirmed. - Tapes should be clearly labelled and dated to identify the relevant backup tape should a restore be necessary. - Backup tapes should be kept in a secure environment to ensure that they are available when needed. - Tape drives should be cleaned weekly or in accordance with manufacturer s guidelines. It should be noted that cleaning tapes should be stored in a clean environment and usage recorded in order to avoid any risk of introducing problems to tape drives. - NHAIS (Exeter) System users must be informed as a matter of urgency should there be an instance of back-up failure, to ensure that the impact on work is minimised. - The Key User must ensure that any backup tape sent to SSD has had the contents encrypted via the SSD NHAISBU backup encryption scripts. Additionally, to ensure all tapes/media that are sent to SSD are sent via the Royal Mail's Special Delivery Service and in a padded envelope that is robust in transit.. Responsible for ensuring other backup cycles are completed weekly, monthly, and quarterly. It is important to ensure that there are trained members of staff able to carry out this role in the absence of the Key User. In addition to the automated NHAIS System backup, the Key User should ensure that a regular UNIX backup is performed on a monthly basis. In the case of HP systems this can be performed via the Cache Control Menu. Sites with IBM servers should raise a support log for this to be performed by a member of the Health and Social Care Information Centre Support Team. Responsible for undertaking regular reboots of system elements; UNIX reboots should be undertaken quarterly as a minimum. Monitoring of the Integrity of the Cache databases A check on the integrity of the Cache system should be performed regularly to aid the early detection of problems relating to the internal disk block structure. To achieve this, the Cache utility, VALIDATE, should be performed at a time when updates to the Exeter system are unlikely (for example over the weekend). VALIDATE can be Page 7 of 11

8 scheduled via the Cache Control Menu and it is recommended that this is run weekly Password/Access Maintenance NHAIS (Exeter) System Access Maintenance The Key User is responsible, as the holder of the NHAIS (Exeter) System Master password, for liaising with departmental managers to ensure that appropriate user categories are established. These categories should have carefully considered access rights to the various NHAIS (Exeter) System screens and jobs in order that access rights assigned to individual users are appropriate to their level of responsibility within the department. Obviously, much consideration needs to be given to the sensitivity of the data that can be accessed vis-à-vis the role of the individual user. For detailed guidance on setting up, maintaining, monitoring, log reviewing and hardening security at the local level, the Key User must refer to the Security System User Reference Manual Volume 1: Supervisors & System Administrators. In addition, the Key User must ensure that ordinary users adhere to the Security System User Reference Manual Volume 2: Ordinary Users. Both volumes of the above Security System manual are available at: ys/securdefault The Key User must ensure that procedures are in place to manage the security system in their absence. New NHAIS (Exeter) System screens and Analysis Jobs are issued via the Software Issuing Service. It is a responsibility of the Key User to ensure that the appropriate access to the new software is provided to the relevant staff. The Key User is responsible for monitoring User Access to the system using the SECREP utility as appropriate to check for any attempted unauthorised accesses to the system, and subsequent clear-down of the log files. The Key User is responsible for the removal of User IDs from the password system and UNIX where users either no longer require access or have left the employment of the organisation. Remote Site Visit Check41 relates to this. A support call should be raised with the Exeter Help desk if required. It is recommended that Security System Reports are run and reviewed on a daily basis. Hard copies of Security System Reports should always be requested before the log holding the reports is cleared down GP Payments System Security The Key User must be aware of, and take into consideration, the guidance documented within the New GP Contract Payments User Reference Manual and the Procedures for GP Payments Staff. This guidance relates to aspects of audit and control such as access levels controls on screens, reports, sign-offs, etc. It is the responsibility of Key Users to ensure that user roles are appropriately allocated and segregated to safeguard the security of the Payments process. The New GP Contract Payments User Reference Manual can be found at: x_html Page 8 of 11

9 Other Security responsibilities In addition to the maintenance of the NHAIS (Exeter) System s security system, the Key User may have some responsibility for the maintenance of other passwords, for example, UNIX passwords Miscellaneous Housekeeping These tasks generally relate to the early identification and resolution of errors and the removal of redundant files. The main tasks are listed below: Monitoring of the AJ/Q and FJ/Q, print queues and RR/RP screens for errors and informing the Health and Social Care Information Centre support team of such errors via the Helpdesk ( ), also ensuring that retention periods are appropriate and old entries are deleted when no longer required (from the awaiting and already printed screens). Delegating to the ICM officer or directly monitoring ICM for errors: - Ensuring swift resolution of errors. - Ensuring ICM 'Home' mailbox is turned off if work is carried out on the DTS. - Ensuring link codes from ICM reports are followed up. - Monitoring ICM status screen. Ensuring the prompt update of the Postal Address File (PAF) upon its receipt from the Health and Social Care Information Centre National Services department and that the follow-on work is processed. Ensuring that the SSD Contacts database is kept up to date with user roles via the website - Ensuring the various NHAIS (Exeter) System database integrity checks are performed regularly. - AJ-RIC and AJ-QCIV for the Registration Database. - AJ-CYIC for the Cervical Screening Database. - AJ-BCSI for the Breast Screening Database. Removal of redundant download files from the various user-defined UNIX file systems (e.g. PC letters and GP reconciliation). Remote Site Visit Check 40 checks these download areas - a support log can be raised to request Support to remove the files. It is strongly recommended that the File Back Up and Verification (FBV) Service is used and that tapes are submitted on a monthly basis. Regularly review the addresses within the various groups on the SP-M screen in order to ensure that: - The most appropriate people are associated with each group. - The correct address is recorded for each person. Page 9 of 11

10 4. System Administrator The tasks which are delegated to the System Administrator are at the discretion of the Key User. However, it is essential that the System Administrator or other designated person is in a position to provide cover for all the tasks of the Key User during periods of absence i.e., holiday, sickness etc. The Key User may also wish the System Administrator to carry out jobs such as the printer maintenance and print list jobs, running of the ICM system and the physical changing of the backup tape. Page 10 of 11

11 5. Appendix A: Service Delivery Manager Contact Details Leeds Office Vantage House, Aire Street, Leeds, LS1 4HT Service Delivery Manager Clare Westrop Tel: (Mobile: ) Redditch Office Floor 2, Prospect House, Fishing Line Road, Redditch B97 6EW Service Delivery Manager Mark Hillman Tel: London Office Floor 5, Skipton House, 80 London Road, London SE1 6LH Service Delivery Manager Saghir Akbar Tel: (Mobile: ) Exeter Office Hexagon House, Pynes Hill, Exeter EX2 5SE Service Delivery Manager Mike Hogan Tel: Service Delivery Manager John Martin Tel: Service Delivery Manager Phil Moores Tel: Newcastle Office 9th floor, Durham House, Washington NE38 7SF Service Delivery Manager Graham Ambrose Tel: Page 11 of 11