Unauthorized access to highly sensitive data can compromise the confidentiality
of company records, salary information, and sensitive financial information. Incorrect
information can result in inaccurate financial statements. Here are a few things
that can result from inadequate protection of sensitive or confidential data:
- malicious damage to data files
- deliberate manipulation of application programs
- reprocessing effort due to lost data costing time and money
- misuse of output (i.e., selling information, sharing of salary data, stealing research
results, etc.)
Pervasive security features within HQMS are ideal for organizations with multiple
facilities and users of varying access levels.
The built-in user-management system allows users to be placed into groups for the
purpose of granting system permissions and access to individual data records. Record-level
access control includes the ability to designate certain users for notification
and others for approving, viewing, and editing. Field-level access controls determine
the individual screen elements that each editor may update.
The unique “need to know” feature can be used to prevent unauthorized users from
gaining access to sensitive data. When data records are set to require a clearance
level, the system ensures that only eligible users or groups are granted access.
As modifications are made to data records, the system creates an audit trail with
a revision history that includes the user name, time stamp, and complete summary
of user updates.
Workflow and approval points are managed through the use of Electronic Signatures.
In compliance with the strict FDA guidelines CFR 21 Part 11, a dual password approach
is used to implement a simple yet secure technique for documenting user concurrence
or acceptance. The system is designed to prevent anyone from determining a user’s
E-signature password.
|
Access Control Tab
|
This is used by any module that implements record-level access control.
|
|
Security Levels
|
Security Levels are used to lock down records to disable intentional or accidental
access by users without appropriate "need to know" clearance.
|
|
Access Control Templates
|
Access Control Templates define the features that may be used and fields that may
be edited by individuals or groups of users.
|
Are there legal reasons for protecting information?
There are federal and state laws which make your organization legally responsible
to ensure information is correct and used appropriately. The laws:
- protect a person's right to privacy
- prohibit violations of copyright infringements
- protect student records from unauthorized access
- The same principle of locking the door to your office applies to your computer.
Lock up your sensitive information by:
- using password protected software such as HQMS
- choosing a hard-to-guess password
- protecting records from unauthorized access
- never posting your password/pin number near your terminal
- keeping your password and pin number confidential
- disposing of your confidential material in a responsible manner
|