 |
| Security |
A major objective of Total View is to make clients' records available to those who need to know, both inside and outside of the organisation (i.e. to external agencies).
As a result, this poses significant issues regarding security, to ensure only legitimate users can get access to the system and to specific records and documents.
Login Secrity
Every user has a unique Total View user id. There are two ways into the system: directly through the Total View login page; or linking from the MIS system, opening a selected client's record automatically. If network or Active Directory sign in is in use, Total View can use this in order to provide single sign-on.
The system administrator can set different security profiles for different levels and types of user. So, for example, users likely to have access to more privileged information can be forced to change their password more frequently, and their user id will be blocked sooner if it is used in an apparently "brute force" attempt to break in.
Client Record Security
Having entered the system, the user is subject to constant checking as they request access to client records. When a user requests access to a client, the system checks to see whether they are in some way associated with the client. If not, they are permitted access, but only having entered a valid reason.
Access to individual documents, records and external data sources is based on whether permission has been granted or denied to them. A user may feature more than once in the chart, for example in their team as well as in the emergency duty team or secure records team. Document permissions can also extend to individual users (either granted or denied).
All permissions are at two levels: open access or challenged access. This means that access can be granted but only having challenged the user to enter a valid reason. This discourages frivolous access, whilst ensuring full access if necessary.
|
|
|
 |
| Login |
|
| Security Profiles |
|
| Permission Groups |
|
| Set Permissions |
|
|
|
