The Flare system contains confidential and sensitive data. The system is now used across multiple departments and many service areas. With over 400 registered users it is impossible for the administrators to know every every user or be aware of new starters. It is vital for the security of the system that a formal procedure be followed to ensure that only properly authorised persons are given access to the system and that they only have access to the data required for them to carry out their work effectively.
Request for new accounts or changes in data access must be initiated by team leaders or their equivilants from the police or Nottingham City Homes.
The team leader will be asked to supply the following information.
The user's full name is essential in order to identify the user as a legal entitiy.
The Flare system does not utilize payroll numbers, National Insurance numbers or any other unique identifier so it is important that we each user can be positively identified from their full name and their service area. It is the full name that would be used should any legal action ensue from use or misuse of the Flare data.
The user's job title is used for identification purposes and to assist in ascertaining the appropriate privileges to be granted. The job title is also used when exporting data to computer generated letters and documents.
The extention number is used in exported letters and documents and by the system administrators to contact the user.
The e-mail address is used by the administrators to notify users of their accounts details and may also be printed on computer generated correspondence.
The UNITS currently in use are:
The user's normal place of work:
The address helps to identify the the user and may be printed on computer generated documents and correspondence. The address also assists the administrators to identify the source of any user problems.
The name of the service manager or equivilent post in Nottingham City Homes, or the police force and their e-mail address. The e-mail address will normally be used to contact the SM for approval of the priveleges to be granted.
Users are only granted access to the system during their normal hours of work. Access to the system outside the authorised hours would indicate a security failure.
Access is normally only granted between the hours of 7am and 7pm. Support is only available from Civica between 9am and 5pm.
Civica only offer support during normal office hours Monday to Friday, as a consequence of which, maintenance work may from time to time be carried out during core hours.
Every effort is made to avoid disruption to services. All in house system maintenance work is done out of core hours.
Restricted access hours help to identify unauthorised activity in the event of the security systems being breached.
Access will be granted from the notified start date provided that the account is requested 7 days prior to that date and that timely approval is recieved from the service manager.
If the post is temporary or a fixed term contract the finishing date must be supplied. If no finishing date is given and the post is permanent, a termination date two years after the start date will be entered to allow a review of the account and the access privileges to be undertaken.
Once the users details, access times, and privileges have been entered on to the system, a report is sent to the new account holder's service manager (or equivilant) for approval. The document may be printed but is more usually sent electronically.
It is vital that there is a clear separation between the account request and approval of the privileges granted.
C W Fulford
5th August 2004
last update 4th April 2006
Webmaster |
|
|
The layout and associated style sheets for this page are taken from the World Wide Web Consortium and used here under the W3C software licence.
Copyright © 2003-2006 Clifford W Fulford