Versions Compared

Version Old Version 5 New Version 6
Changes made by

Rob Pink

Rob Pink

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page is to develop the problem statements and material to frame research on user management.

Problem

  • TIS ID management is not up to scratch with basic standards and we are uncompliant..

  • User roles that dictate what a user can see, are confusing. The description of the roles is not transparent.

  • There is no understanding whether the system for suspicious activity.

  • The existing user management tool is not fit for purpose.

Security

  • Passwords

    • no complexity rules or regular changes (against good practice)

    • no self-reset of password (adds admin burden)

  • Multi-factor authentication (now the norm and best practice)

  • Pass-through authentication Single sign on (using NHSE credentials) for staff should be investigated (access is simpler), which already has MFA.

User roles

Need to be reviewed and if necessary amended.

Monitoring

  • Monitoring access by users (to ID suspicious activity)

...