Guidance for registration authorities

To access the new NHS Cervical Screening Management System (CSMS), all staff will require an NHS Care Identity Service authenticator, which includes an NHS Smartcard, with the appropriate RBAC roles and to be assigned to a specific workgroup, or via Microsoft Authenticator.

Most staff who work in cervical screening services will already have an NHS Smartcard with the necessary role-based access codes (RBAC). However, a small number of staff may need to apply for a smartcard from current CSMS user groups. 

The new CSMS workgroup will need to be added to staff member's NHS Smartcard to ensure access to the cervical screening system is limited to only those staff authorised to use it. To maintain access controls, it is essential that only those staff requiring access to the new system have access permissions. Applying blanket access to all users in an organisation or at an ORG code creates an information governance risk. Any organisation taking this approach will be asked to resolve  and apply more granular controls.

Registration Authorities will need to:

1. Create a workgroup structure in Care Identity Management (CIM).
2. Assign users to the workgroup.

Staff will need to select the correct role and organisation when they log on with their NHS Smartcard.

Locums and other staff who work for multiple organisations that need access to the NHS Cervical Screening Management System will need appropriate permissions for all relevant organisations added to their smartcard to enable access to the system.

To support cervical screening staff with these important changes, Registration Authorities will need to:

• ensure that users’ have appropriate RBAC roles and are assigned to a specific CSMS workgroup on their smartcard - to maintain access controls, it is essential that only those staff requiring access to the new system have access permissions
• process NHS Smartcards request for cervical screening staff who do not currently have one in a timely manner when they submit their application
• process requests for additional RBAC functions and workgroups to be added to ensure the correct permissions are in place for existing NHS Smartcards holders, who work in cervical screening services

New users should be pointed at the Apply for Care ID service for new user registration.

All users of the Cervical Screening Management System need to ensure that their smartcard user profile has been updated with an email address to support the use of self-service smartcard unlock. This can be done by the RA or the user via Care Identity Management. 

To access the NHS Cervical Screening Management System the appropriate RBAC roles and workgroup need to be added to staff NHS Smartcards.

The information on roles and baseline activities has been extracted from the national RBAC database v27.2. Unless stated otherwise, the NHS Cervical Screening Management System only recognises roles, therefore all roles should be applied to the default baseline activities. 

As well as RBAC roles, the NHS Cervical Screening Management System uses workgroups to determine access. 

Workgroups are an additional form of access management that will be used alongside RBAC for cervical screening to ensure that only those users who have a ‘legitimate relationship’ with cervical screening data can access it.

RA’s will need to:

1. Create a workgroup structure in Care Identity Management (CIM).
2. Assign users to the workgroup.

Only an RA manager or advanced RA agent can create a workgroup structure.

Organisations that use DXC Lorenzo or TPP community system may already have a workgroup structure.

Once a workgroup structure has been created a specific workgroup needs to be created for users of the cervical screening service. 

If this name is not entered accurately it will not be recognised by the NHS Cervical Screening Management System. You can however, edit the name of the workgroup if entered incorrectly.  

There are 2 additional workgroups which users may need to be assigned to. One relates to Defence Medical Services (DMS) and the other for the Isle of Man. However, these will not apply to every organisation

If any users access data for patients relating to these groups (via the current NHAIS/Open Exeter system) then please contact the screening team so further information will then be provided on the workgroup details.

Users can be assigned to a workgroup either via direct assignment, or position.

Once you have created an access control position, you can then add the workgroup to the position.

All users of the Cervical Screening Management System need to ensure that their smartcard user profile has been updated with an email address to use the self-service smartcard unlock. This can be done by the RA or the user via Care Identity Management.