Roles & Responsibilities for NHAIS (Exeter) System Key Users



Similar documents
Service Level Agreement (SLA) for the NHAIS Core System.

Document filename: HSCIC SSD Bowel Cancer Screening System (BCSS) Directorate / Programme. Project. Systems and Service Delivery DOC-00013

Service Level Agreement (SLA) for the SSD Secure File Transfer Service

Service Level Agreement (SLA) for the M Connect 2 System

Policy Document. Communications and Operation Management Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Ezi Managed Services Pty Ltd Introduction to Our Managed Service Agreement

Developments to the NHAIS System

TSM Backup Service. Standard Service Level Agreement

How To Manage A University Computer System

X2 CONNECT NETWORKS SUPPORT SERVICES PRODUCT DEFINITION LEVEL 1, 2 & 3

Lab Link via Host File Server

Your IT Helpdesk and On-Site and Remote Support Terms and Conditions. Document Revision 1 Sept 09

Customer Guide Helpdesk & Product Support. [Customer Name] Page 1 of 13

OPERATIONAL SERVICE LEVEL AGREEMENT BETWEEN THE CLIENT AND FOR THE PROVISION OF PRO-ACTIVE MONITORING & SUPPORT SERVICES

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Certification Practice Statement

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

HMRC Secure Electronic Transfer (SET)

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

Newcastle University Information Security Procedures Version 3

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

15 Organisation/ICT/02/01/15 Back- up

NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL.

SCOPE OF SERVICE Hosted Cloud Storage Service: Scope of Service

THE BUDAPEST STOCK EXCHANGE LTD. REGULATIONS ON THE USE OF REMOTE TRADING

Information Technology Solutions. Managed IT Services

Vital Records Electronic Registration System (ERS-II) Technical Resource Guide and Support Procedures

ManageEngine Desktop Central Training

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

[Type text] SERVICE CATALOGUE

Service Level Agreement: Support Services (Version 3.0)

IT Support for London

ITD BACKUP MANAGEMENT PROCEDURE

Cloud-based Managed Services for SAP. Service Catalogue

APPENDIX 5 TO SCHEDULE 3.3

Rotherham CCG Network Security Policy V2.0

Adlib Hosting - Service Level Agreement

CHIS, Inc. Privacy General Guidelines

Version: Page 1 of 5

Managed ICT Services. User Guide. Possibilities that are built in. Telstra Corporation Limited ABN

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Informatics Policy. Information Governance. Network Account and Password Management Policy

Data Center Colocation - SLA

JOB DESCRIPTION CONTRACTUAL POSITION

To provide an effective, professional and customer focussed ICT Service Desk service to the customers of the Council, NHS and all Hoople customers.

INFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS Risk Assessment 357-7

IT Support & Maintenance Contract

TVision Support Service Guidelines

Managing Expense Claims

University of Liverpool

CAMMS ONLINE SUPPORT PORTAL USER MANUAL

Data Quality Strategy 2006/2008

People Inc. Managing Timesheets P&A Software Solutions Page 1 of 13 Version 1.3 January 2015

Service Level Agreement Between: Computing and Informational Technology And The Finance and Business Operations Division

A Guide to Information Technology Security in Trinity College Dublin

Responsible for: To provide 1 st and 2 nd line support to users of the College ICT facilities and assist with software and hardware installation.

Complete Managed Services. Proposal for managed services for the City of Tontitown

MAXIMUM PROTECTION, MINIMUM DOWNTIME

Software Update Bulletin

University of Sunderland. Oracle 12 i-expenses. Full Administration Training Guide. Version /05/14

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

Secure File Transfer Protocol User Guide. Date Created: November 10, 2009 Date Updated: April 14, 2014 Version: 1.7

Company Name IT Support

TECHNICAL SUPPORT. and HARDWARE/SOFTWARE/NETWORK MAINTENANCE. for PLACEMENT TESTING LAB

Mike Casey Director of IT

HMRC Secure Electronic Transfer (SET)

Administrators Guide Multi User Systems. Calendar Year

Remote IT Support. What is RITS?

Computer System Validation for Clinical Trials:

HP Service Manager. Software Version: 9.40 For the supported Windows and Linux operating systems. Processes and Best Practices Guide (Codeless Mode)

GMS NETWORK ADVANCED WIRELESS SERVICE PRODUCT SPECIFICATION

Internal Control Guide & Resources

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

[Area] Technology Managing Agent Contractor Contract. Service Information. Annex SI 27 Regional Control Centre Technical Support Service

Tracking Database GPSoC Replacement (GPSoC-R) Call-Off Agreement and Schedule A Maintenance

GMS NETWORK BASIC PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. GMS Network Basic

HSCIC Audit of Data Sharing Activities:

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

Land Registry Paying for Land Registry services by variable direct debit. Version 12, January Land Registry Variable Direct Debit Scheme

END-USER REMOTE SUPPORT AND HELPDESK SERVICES SERVICE DEFINITION

How To Write A Health Care Security Rule For A University

Managed Service Plans

ICT SUPPORT SERVICES

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

Enterprise UNIX Services - Systems Support - Extended

Electronic Data Transfer. Guidebook

Transcription:

Document filename: NHAIS Key User Roles and Responsibilities.docx Directorate / Programme HSCIC Project SSD Document Reference DOC-00126 Project Manager Sean Walsh Status Approved Owner Norman Raphael Version 4.4 Author Saghir Akbar Version issue date 11/06/2015 Roles & Responsibilities for NHAIS (Exeter) System Key Users Copyright 2013 Health and Social Care Information Centre

Document Management Revision History Version Date Summary of Changes 4.0 23/4/2010 First version using controlled document template plus the inclusion of the User Authentication Process 4.1 18/2/2011 S3.3 amended to include SP_M email address validity responsibility (Change 3700) 4.1 13.04.11 S2.1.3 and s3.3.8 amended as per National Service Delivery Manager s comments. 4.1 13.04.11 National Service Delivery Manager approved v4.1. 4.2 16/1/14 HSCIC Rebranded 4.3 23.05.14 Amended with updated links and SDM details S2.1 and s3.3 Exeter Helpdesk number amended, 4.4 11.06.15 S3.1 Reference to padded envelope inserted Appendix:. Newcastle SDM address updated, Additional Exeter SDMs contact details inserted. Reviewers This document must be reviewed by the following people: Reviewer name Title / Responsibility Date Version Norman Raphael National Service Delivery Manager 11.06.15 4.4 Approved by This document must be approved by the following people: author to indicate approvers Name Signature Title Date Version Norman Raphael National Service Delivery Manager 11.06.15 4.4 Glossary of Terms Term / Abbreviation What it stands for Document Control: The controlled copy of this document is maintained in the HSCIC corporate network. Any copies of this document held outside of that area, in whatever format (e.g. paper, email attachment), are considered to have passed out of control and should be checked for currency and validity. Page 2 of 11

Contents 1. Introduction 4 1.1. Background 4 1.2. Purpose 4 2. General Responsibilities of the Key User 4 2.1. Act as a first point of contact for users of the system relating to day-today issues 4 2.2. Act as the first point of contact for the SSD Service Delivery Manager and/or Support Manager 5 2.3. Act as an intermediary between Health and Social Care Information Centre and staff using the NHAIS (Exeter) System 5 2.4. Act as an intermediary between hardware engineers and Health and Social Care Information Centre Support personnel and/or PCT staff 6 2.5. Take responsibility for the User Authentication Process 6 3. Technical Responsibilities of the Key User 7 3.1. System Monitoring Tasks: 7 3.2. Password/Access Maintenance 8 3.2.1. NHAIS (Exeter) System Access Maintenance 8 3.2.2. GP Payments System Security 8 3.2.3. Other Security responsibilities 9 3.3. Miscellaneous Housekeeping 9 4. System Administrator 10 5. Appendix A: Service Delivery Manager Contact Details 11 Page 3 of 11

1. Introduction 1.1. Background Taking on the role of a Key User for the NHAIS (Exeter) System requires a good all-round knowledge and understanding of the business processes for which the system is used, together with a detailed knowledge of day to day operational aspects of the system Registration, Finance, Preventative Healthcare, ICM and System Administration. It is vital for the Key User to understand the importance of routine maintenance to ensure the integrity of the database, although many of the individual tasks may be delegated to other responsible staff. It should be noted that overall responsibility for good practice and effective operation of the system lies with the Key User and should therefore be of primary concern for the person allocated this role. 1.2. Purpose This document is intended as a guide and does not represent an exhaustive list of activities, as it is likely to be the case that responsibilities will vary depending on organisational structure. 2. General Responsibilities of the Key User 2.1. Act as a first point of contact for users of the system relating to day-to-day issues For example: Provide the initial investigation of problems with printers, PCs, terminals, etc.(e.g. checking of cable connections). For further details refer to: http://systems.hscic.gov.uk/ssd/downloads/printmgt/printrefdefault - Deal with queries relating to the uploading/downloading of files. - Deal with issues relating to passwords, security, etc. The Remote Site Check Exception Report, which is sent to Key Users monthly, will assist with this. - Remote Site Visit Check 4: relates to Exeter Unix accounts and highlights UNIX accounts without a password, Generic logins, redundant accounts and duplicate accounts. - Remote Site Visit Check 1: checks the nightly application backup and will raise a log if three backups in a row have failed. - Remote Site Visit Check 2: checks that the nightly application backup list is full and complete. - Remote Site Visit Check 39: checks Cache database space on a twice daily basis. - Remote Site Visit Check 3: checks that the ICM system is functioning correctly every half an hour. A support call is raised if the ICM system doesn t appear to be fully functional after 2½ hours. Ensure any problems within the Exeter system are reported to the National Helpdesk in Exeter (0300 3 034 034). Thereafter, to record and monitor incident logs and ensure that problems are resolved in a satisfactory manner. Page 4 of 11

2.2. Act as the first point of contact for the SSD Service Delivery Manager For example: Be the addressee for any written communication to the organisation regarding the terms of the NHAIS support service ensuring that documents are passed to the appropriate person for attention (if not themselves). Ensure appropriate colleagues accompany them to Service Review Meetings arranged by the Service Delivery Manager. Liaise with the Service Delivery Manager regarding any ad-hoc consultancy or implementation work that may be required. Take responsibility for ensuring that members of staff using the NHAIS (Exeter) System are provided with the appropriate level of training. Provide information and guidance in respect of any issues arising from the preventative healthcare audits. 2.3. Act as an intermediary between Health and Social Care Information Centre SSD and staff using the NHAIS (Exeter) System For example: Communicate information relating to software updates, feature faxes, etc. to members of staff using the system. In particular, ensure that emails received in the generic email box are distributed to the appropriate staff. Arrange actual site visits as required (by contacting the Service Delivery Manager) and ensure local users are made aware of any such visits from Health and Social Care Information Centre NHAIS support staff. Notify users of system downtime or restricted availability due to activities of Health and Social Care Information Centre NHAIS Support. Review remote site visit reports and ensure any identified issues are progressed. Attend (or ensure appropriate attendance) at product or area focused User Group meetings and represent the interests of their organisation, including, for example, proposing suggested improvements to or modifications to the NHAIS (Exeter) System. Ensure that any prerequisite activities for on-site work are completed prior to the member of support staff attending. Communicate details of SLA arrangements to staff using the system. Ensure any planned changes to the environment in which the NHAIS (Exeter) System operates in are notified in advance to the Service Delivery Manager. For example, changes to network configuration. Ensure that appropriate staff have specific responsibilities for any jobs that require scheduling. Page 5 of 11

2.4. Act as an intermediary between hardware engineers and Health and Social Care Information Centre Support personnel and/or Area Team staff For example: Contact hardware engineers when requested to do so by Health and Social Care Information Centre Support personnel or users. (The most likely reasons for contacting an engineer would be to resolve printer malfunctions and problems with disks or tape drives.) To ensure that maintenance to hardware and software upgrades is carried out with the minimum disturbance to the daily operation of the system. To ensure adequate cover of these duties during periods of absence of the Key User (e.g. holiday). 2.5. Take responsibility for the User Authentication Process In order to ensure the accuracy of the information held on HPOV (HP Open View the call logging tool used by SSD), the Key User should assume the responsibility of following the process for informing HSCIC of new contacts in advance, or advising of any contacts which can be disabled. The process comprises four main areas: On-going advanced notification of authenticated contacts, or contacts to be disabled from the HPOV system Key Users must provide at least two weeks advanced notification of new contacts or contacts to be disabled from the system. Key Users will provide information via a template (provided by SSD), sent to the Helpdesk and copied to the SDM for information. The Help Desk will confirm that the request has been completed to the Key User (and in the case of a new authenticated contact, the contact themselves). Regular audit of HPOV contacts to ensure that they remain current The Key User will be provided with a report to allow them to audit HPOV contacts this to be repeated every 6 months. The report will contain Organisation, Forenames and Surname. A column will be provided for the Key User to mark contacts as disabled. The report will also indicate whether a contact has raised a HPOV call within the past 18 months. If SSD does not hear back from Key Users within 4 weeks, these contacts will be automatically disabled from HPOV. Should these contacts need to be reinstated, they will be required to follow the authentication process. Unauthenticated caller process The Help Desk staff will not raise service calls for unauthenticated users (whether the request is made by phone, fax or email). The caller will be advised that they are not an authenticated caller for the organisation, and that they are required to follow an authentication process controlled by their NHAIS Key User (Key User details will be provided if necessary). The caller will also be advised to ask a colleague (who is authenticated on the HPOV system) to raise the service call on their behalf. Should the authenticated caller require further contact on the call to be made through the unauthenticated caller, this will need to be made clear when raising the call. Any further Page 6 of 11

calls will need to be raised in a similar way until the Key User has followed the process detailed under paragraph i) above. On-going validation of HPOV authenticated caller details At least every 6-9 months, the Help desk will make a spot check on users details when they call the desk to ensure that caller details in the HPOV system are accurate (e.g. telephone numbers, email addresses). 3. Technical Responsibilities of the Key User The technical responsibilities can be split into 3 categories of task: System Monitoring; Password/Access Maintenance; and Miscellaneous Housekeeping. 3.1. System Monitoring Tasks: Responsible for ensuring that the daily backup of the NHAIS (Exeter) System is performed and its successful completion is confirmed. - Tapes should be clearly labelled and dated to identify the relevant backup tape should a restore be necessary. - Backup tapes should be kept in a secure environment to ensure that they are available when needed. - Tape drives should be cleaned weekly or in accordance with manufacturer s guidelines. It should be noted that cleaning tapes should be stored in a clean environment and usage recorded in order to avoid any risk of introducing problems to tape drives. - NHAIS (Exeter) System users must be informed as a matter of urgency should there be an instance of back-up failure, to ensure that the impact on work is minimised. - The Key User must ensure that any backup tape sent to SSD has had the contents encrypted via the SSD NHAISBU backup encryption scripts. Additionally, to ensure all tapes/media that are sent to SSD are sent via the Royal Mail's Special Delivery Service and in a padded envelope that is robust in transit.. Responsible for ensuring other backup cycles are completed weekly, monthly, and quarterly. It is important to ensure that there are trained members of staff able to carry out this role in the absence of the Key User. In addition to the automated NHAIS System backup, the Key User should ensure that a regular UNIX backup is performed on a monthly basis. In the case of HP systems this can be performed via the Cache Control Menu. Sites with IBM servers should raise a support log for this to be performed by a member of the Health and Social Care Information Centre Support Team. Responsible for undertaking regular reboots of system elements; UNIX reboots should be undertaken quarterly as a minimum. Monitoring of the Integrity of the Cache databases A check on the integrity of the Cache system should be performed regularly to aid the early detection of problems relating to the internal disk block structure. To achieve this, the Cache utility, VALIDATE, should be performed at a time when updates to the Exeter system are unlikely (for example over the weekend). VALIDATE can be Page 7 of 11

scheduled via the Cache Control Menu and it is recommended that this is run weekly. 3.2. Password/Access Maintenance 3.2.1. NHAIS (Exeter) System Access Maintenance The Key User is responsible, as the holder of the NHAIS (Exeter) System Master password, for liaising with departmental managers to ensure that appropriate user categories are established. These categories should have carefully considered access rights to the various NHAIS (Exeter) System screens and jobs in order that access rights assigned to individual users are appropriate to their level of responsibility within the department. Obviously, much consideration needs to be given to the sensitivity of the data that can be accessed vis-à-vis the role of the individual user. For detailed guidance on setting up, maintaining, monitoring, log reviewing and hardening security at the local level, the Key User must refer to the Security System User Reference Manual Volume 1: Supervisors & System Administrators. In addition, the Key User must ensure that ordinary users adhere to the Security System User Reference Manual Volume 2: Ordinary Users. Both volumes of the above Security System manual are available at: http://nww.hscic.gov.uk/nhais/downloads/index_html/index_html/index_html/securs ys/securdefault The Key User must ensure that procedures are in place to manage the security system in their absence. New NHAIS (Exeter) System screens and Analysis Jobs are issued via the Software Issuing Service. It is a responsibility of the Key User to ensure that the appropriate access to the new software is provided to the relevant staff. The Key User is responsible for monitoring User Access to the system using the SECREP utility as appropriate to check for any attempted unauthorised accesses to the system, and subsequent clear-down of the log files. The Key User is responsible for the removal of User IDs from the password system and UNIX where users either no longer require access or have left the employment of the organisation. Remote Site Visit Check41 relates to this. A support call should be raised with the Exeter Help desk if required. It is recommended that Security System Reports are run and reviewed on a daily basis. Hard copies of Security System Reports should always be requested before the log holding the reports is cleared down. 3.2.2. GP Payments System Security The Key User must be aware of, and take into consideration, the guidance documented within the New GP Contract Payments User Reference Manual and the Procedures for GP Payments Staff. This guidance relates to aspects of audit and control such as access levels controls on screens, reports, sign-offs, etc. It is the responsibility of Key Users to ensure that user roles are appropriately allocated and segregated to safeguard the security of the Payments process. The New GP Contract Payments User Reference Manual can be found at: http://systems.hscic.gov.uk/systemsandservices/ssd/downloads/newgpcontractpay/inde x_html Page 8 of 11

3.2.3. Other Security responsibilities In addition to the maintenance of the NHAIS (Exeter) System s security system, the Key User may have some responsibility for the maintenance of other passwords, for example, UNIX passwords. 3.3. Miscellaneous Housekeeping These tasks generally relate to the early identification and resolution of errors and the removal of redundant files. The main tasks are listed below: Monitoring of the AJ/Q and FJ/Q, print queues and RR/RP screens for errors and informing the Health and Social Care Information Centre support team of such errors via the Helpdesk (0300 3 034 034), also ensuring that retention periods are appropriate and old entries are deleted when no longer required (from the awaiting and already printed screens). Delegating to the ICM officer or directly monitoring ICM for errors: - Ensuring swift resolution of errors. - Ensuring ICM 'Home' mailbox is turned off if work is carried out on the DTS. - Ensuring link codes from ICM reports are followed up. - Monitoring ICM status screen. Ensuring the prompt update of the Postal Address File (PAF) upon its receipt from the Health and Social Care Information Centre National Services department and that the follow-on work is processed. Ensuring that the SSD Contacts database is kept up to date with user roles via the website - http://nww.hscic.gov.uk/nhais/contacts/login/ Ensuring the various NHAIS (Exeter) System database integrity checks are performed regularly. - AJ-RIC and AJ-QCIV for the Registration Database. - AJ-CYIC for the Cervical Screening Database. - AJ-BCSI for the Breast Screening Database. Removal of redundant download files from the various user-defined UNIX file systems (e.g. PC letters and GP reconciliation). Remote Site Visit Check 40 checks these download areas - a support log can be raised to request Support to remove the files. It is strongly recommended that the File Back Up and Verification (FBV) Service is used and that tapes are submitted on a monthly basis. Regularly review the e-mail addresses within the various e-mail groups on the SP-M screen in order to ensure that: - The most appropriate people are associated with each e-mail group. - The correct e-mail address is recorded for each person. Page 9 of 11

4. System Administrator The tasks which are delegated to the System Administrator are at the discretion of the Key User. However, it is essential that the System Administrator or other designated person is in a position to provide cover for all the tasks of the Key User during periods of absence i.e., holiday, sickness etc. The Key User may also wish the System Administrator to carry out jobs such as the printer maintenance and print list jobs, running of the ICM system and the physical changing of the backup tape. Page 10 of 11

5. Appendix A: Service Delivery Manager Contact Details Leeds Office Vantage House, Aire Street, Leeds, LS1 4HT Service Delivery Manager Clare Westrop Tel: 0113 3973278 (Mobile: 07771 771963) Redditch Office Floor 2, Prospect House, Fishing Line Road, Redditch B97 6EW Service Delivery Manager Mark Hillman Tel: 01527 582408 London Office Floor 5, Skipton House, 80 London Road, London SE1 6LH Service Delivery Manager Saghir Akbar Tel: 020 7391 8080 (Mobile: 07810 552843) Exeter Office Hexagon House, Pynes Hill, Exeter EX2 5SE Service Delivery Manager Mike Hogan Tel: 01392 206696 Service Delivery Manager John Martin Tel: 01392 206777 Service Delivery Manager Phil Moores Tel: 01392 687069 Newcastle Office 9th floor, Durham House, Washington NE38 7SF Service Delivery Manager Graham Ambrose Tel: 0191 402 8503. Page 11 of 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information