Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 6 Next »

This page is to develop the problem statements and material to frame research on user management.

Problem

  • TIS ID management is not up to scratch with basic standards and we are uncompliant..

  • User roles that dictate what a user can see, are confusing. The description of the roles is not transparent.

  • There is no understanding whether the system for suspicious activity.

  • The existing user management tool is not fit for purpose.

Security

  • Passwords

    • no complexity rules or regular changes (against good practice)

    • no self-reset of password (adds admin burden)

  • Multi-factor authentication (now the norm and best practice)

  • Single sign on (using NHSE credentials) for staff should be investigated (access is simpler), which already has MFA.

User roles

Need to be reviewed and if necessary amended.

Monitoring

  • Monitoring access by users (to ID suspicious activity)

Background and links in Confluence

User management 2018

https://hee-tis.atlassian.net/wiki/x/LgATMw

Series of meetings in 2020 to advance user management

https://hee-tis.atlassian.net/wiki/x/CQBzjg

Possible further reading

Password standards

Password administration for system owners - NCSC.GOV.UK

ID and authentication

Identity proofing and authentication - GOV.UK (www.gov.uk)

  • No labels

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213