...
TIS ID management is not up to scratch with basic standards and we are uncompliant..
User roles that dictate what a user can see, are confusing. The description of the roles is not transparent.
There is no understanding whether the system for suspicious activity.
The existing user management tool is not fit for purpose.
We are not assured that legitimate users the processes for adding and removing users are sufficient.
Security
Passwords
no complexity rules or regular changes (against good practice)
no self-reset of password (adds admin burden)
Multi-factor authentication (now the norm and best practice)
Single sign on (using NHSE credentials) for staff should be investigated (access is simpler), which already has MFA.
...