390 likes | 403 Views
This document outlines the objectives, principles, and processes of the SCPEA Assurance Process, which aims to ensure the quality, security, and consistency of service delivery. It covers topics such as identity and information sharing, technical developments, consent and governance, and procurement.
E N D
Plan for the day • Objectives and principles • Some pictures of SCPEA • The Assurance Process • What has worked, How and Why? • Moving from pilots to general take-up. • Lunch • Identity and Information Sharing • Registration Authorities and Identity • Key questions • Consent and governance • Products, procurement and markets • …..(your issues?)
Some pictures of SCPEA • Trying to reflect back to you what we think we have observed. • Systems and environments • Roles and relationships • Agencies and partnerships We are looking for your comments, discussions suggestions.
Applications Client Facilities Server Facilities Intranet The Internet
Post-it Notes Development and Support Facilities In House Provision Applications Client Facilities Server Facilities Intranet The Internet
Post-it Notes Remote Development and Support Facilities Applications Client Facilities Server Facilities Intranet The Internet Different Facilities Providers
Post-it Notes End to end security, safety and performance PDS SSB NASP - BT N3 Applications Client Facilities Server Facilities Intranet The Internet
Post-it Notes R R Data quality and consistency PDS SSB Record System Other Apps NHS Trust Facilities (LSP) Applications Client Facilities Server Facilities NASP - BT N3 Intranet The Internet
Caldicott Guardian Post-it Notes Other service providers and record holders Service manager R R Practitioner Client Information Governance Manager CfH Technical Support Data Quality Manager Local Technical Support PDS SSB NHS Trust Facilities (LSP) Record System Other Apps Applications Client Facilities Server Facilities NASP - BT N3 Intranet Roles and Relationships
Local Authority Department of Health Practices Practices Adult Social Services Department Commissioning Relationships PCT Housing (ALMO) Health Care Partners Voluntary Sector Organisations Social Care Partners Connecting for Health Acute Trust Fire Brigade IT Provision Commercial Suppliers Commercial Suppliers Applications, Systems and Service Suppliers Organisations and Agencies I
Applications, Systems and Service Suppliers Housing (ALMO) Procurement Relationships Lead Authority Local Authority PCT DoH Contact Point Connecting for Health Acute Trust Fire Brigade Children’s Services Adult Social Services Voluntary Sector Organisations DCSF Police Local Strategic Partnership Organisations and Agencies II sys OA1 OA2
Plan for the day • Objectives and principles • Some pictures of SCPEA • The Assurance Process • What has worked, How and Why? • Moving from pilots to general take-up. • Lunch • Identity and Information Sharing • Technical developments across Government • Key questions • Consent and governance • Products, procurement and markets • …..
The Assurance Process Assurance involves the separation of inspection and implementation responsibilities. This requires that principles, plans and criteria are made explicit. For a technical system (component) testing is empirical. For a socio-technical system….
Document the specific local process or configuration according to the standard • The standard must be clearly and accessibly documented. • Must be adequate, relevant and applicable to the local situation • Must involve all parties with a stake or responsibility
Inspect and approve the document • Inspection competence • Inspection capacity Compares two documents: the plan and the standard
Implement the documented process/configuration • Resources and capacities • Capability and commitment
Inspect and approve the implementation • Inspection competence • Inspection capacity. Compares a set of observations with a specification.
Ongoing monitoring and audit of structures and processes • Access and visibility • Inspection competence • Inspection capacity. Compares a set of observations with a specification.
Review the implementations and the standards against outcomes • Access to the evidence. • Participation and voice. • Power to make decisions and to mandate change. Applies a set of principles and values to observations and evidence.
The accreditation process is applied to: • Technical products • Facilities such as platforms, networks and buildings. • Technical services • Client care processes • Client service management processes.
What is the scope of SCPEA? • Technical products • Facilities such as platforms, networks and buildings. • Technical services • Client care processes • Client service management processes. • Document process according to the standard • Inspect and approve the document • Implement the documented process/configuration • Inspect and approve the implementation • Ongoing monitoring and audit of structures and processes • Review the implementations and the standards against outcomes
The graveyard spot… • Workshop material on Registration Authorities, smart cards and information sharing. • Part of SOCITM work on LA response to the different technical initiatives in ID and security • DoH, DWP, DCSF, DCLG.
Subject User Sponsor ● ● An identity that can be authenticated. A token that is depended upon to link these together. ● A role that confers the appropriate rights and capabilities respecting the record system. A User is to be provisioned to access a record service controlled by a custodian. The record contains information about an individual – the subject. The process is imitated by a sponsor. To achieve this the user requires: Custodian
Subject User Sponsor Citizen Employee Local Authority Employer CRM System A User is to be provisioned to access a record service controlled by a custodian. The record contains information about an individual – the subject. The process is imitated by a sponsor. These roles can be mapped onto a number of different situations: Custodian
Child Pupil Subject Parent Head Teacher User School Records Sponsor A User is to be provisioned to access a record service controlled by a custodian. The record contains information about an individual – the subject. The process is imitated by a sponsor. These roles can be mapped onto a number of different situations: School Custodian
Subject User Sponsor Someone I trust Me My Home Page A User is to be provisioned to access a record service controlled by a custodian. The record contains information about an individual – the subject. The process is imitated by a sponsor. These roles can be mapped onto a number of different situations: Custodian
Subject User Sponsor Practitioner Service User The commissioning of Voluntary Sector Organisations to deliver service represents a particularly complex case. Care Agency Case Records Service Commissioner A User is to be provisioned to access a record service controlled by a custodian. The record contains information about an individual – the subject. The process is imitated by a sponsor. These roles can be mapped onto a number of different situations: Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Credentials ● ● Credentials are presented to the registrar. This results in a new entry in the register. ● These have been created in other relationships and data has been collected in a confirming information service. NewEntry A Registrar creates a new identity: Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor ● ● That the registration process is fit for purpose and is adhered to. That the quality of data in the register conforms to the registration standards. ● That the presenting individual corresponds to the one in the credentials and that they are valid. NewEntry Responsibilities of the Registrar Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Card Token Issuing Process Identifier Printed Information Identity Info Provisioner Token Provider NewEntry NewEntry ● ● Provisioning data is recorded for future authentication purposes. Electronic and printed information is placed on a blank card. Capability ● Appropriate electronic keys and certificates are placed in the card memory. Producing a smart card Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Card Token Issuing Process Identifier Printed Information Identity Info Authority Provisioner Token Provider ● That capabilities are necessary and sufficient for each role. Capability ● That only qualified, current role holders are granted capabilities. Responsibilities of the Authority Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Token Identifier Printed Information Identity Info Provisioner Token Provider Capability ● That the intended capabilities are associated with each token. ● That each tokens are delivered to the intended recipients. Responsibilities of Token Provision Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Token Identifier Printed Information Identity Info Authority Provisioner Token Provider Authenticator Capability ● That all issued capabilities have been appropriately mandated by the Authority. ● That the list of valid capabilities is maintained and made available to authentication services. Provisioning Responsibilities Registrar Custodian
Other relationship holders Confirming Information Supplier. Subject User Sponsor Token Identifier Printed Information Identity Info Authority Provisioner Token Provider Authenticator Capability ● What sorts of agencies and organisations are appropriate for these roles ? ● Which can be shared between different domains of identity and authentication ? Questions: Registrar Custodian
Questions and issues that have arisen in the Lessons Learned exercise
Prerequisites: • What are the minimum requirements on an adult social care context to connect to spine services? • Organisational structures and relationships • Technical systems and processes • Political • What are the potential show stoppers? • What are the possible remedies?
Demography service as a starting point • Arguments for: • Clearly defined service • Good vehicle for addressing the technical problems of connection and inter-working • Clear information management benefits • Against: • Scaling the user registration approach. • Practitioner/client benefits are indirect (?)
Documentation issues • There is an awful lot of material ! • There have been many comments about: • Coverage • Levels of abstraction, specificity and detail • Realism • Organisation and accessibility • Where is further investment needed? • CfH + who?
Consent and information governance • Social care practice and clinical practice. • Who must be involved in the change process? • How standardised is the design? • Process • Instruments (forms, reports, records…) • What is the relationship between technical and organisational developments?
Products, services and markets • What is the role of suppliers in rollout and take-up? • Accredited products and Accredited installations. • What is the transferability of SCPEA developments? • User groups and the LA community?