101 (or so) Ways policyIQ Content is Secured

This has been a busy month, with so many of our clients choosing to expand their use of policyIQ into new areas. We love the surge of activity, but it does mean that we’ve been a little busier than normal. If I didn’t already see my work from this week spilling over into next, I might try to parse out all of our security-related data center requirements and procedures, structures, features, functionality, policies and implementation recommendations into a list of 101. For the sake of all of those other commitments that I need to get to, suffice it to say that there are a number of layers of security outside and within policyIQ that allow you to securely maintain and share your content with key stakeholders (your policyIQ users and vendors, partners and customers outside of policyIQ).

Here is a sampling of policyIQ security-related points:

Data Center Protocols

    • Our data center is SAS 70 Type II compliant with reports available annually.
    • We certainly have physical security protocols for server access.
    • Only a small number of authorized members of the policyIQ team have access to the servers at our data center for the purposes of maintenance.

Site Security

    • Access to policyIQ is SSL encrypted. The encryption is included at no additional charge for clients on the second generation of policyIQ (version 6 and later). The SSL certificate is purchased separately by clients still on version 5.7.
    • Access can be restricted to explicitly defined IP addresses or a range of IP addresses. The steps to add IP restrictions are located within your online Help guide in the page titled: Restricting User Access by IP Address.
    • A User Name and Password are required of every licensed user.
      • The Password is set by the administrator who adds the user to the site and is then re-set by the user upon his/her first login.
      • The Password Policy is established by your Site Administrator within Setup>System Setup>Password Policy.
    • You can now lock users out of policyIQ if their number of attempts to log in exceeds your customized limit.
    • Read Only Access can be provided by creating a Read Only Access account. A “Pass Through” link is generated when this account is created and can be shared by the organization in a method determined by the organization (often as an icon or shortcut placed on the intranet).
      • The users accessing policyIQ via this account bypass the login screen and are able to see the Home module (published content in which their “Group” was added as a viewer) and the WhistleBlower module.

Content Security

    • Local Rights to objects
      • User Access Type = Advanced, Standard or Read-only.
      • Global Permissions = generally granted as a part of the standard Roles.
      • Local Rights = Administrator, Editor, Viewer of a Page, for example.
    • Formal approval
      • For Pages, the Approver(s) Group is designated in the Page Security tab of the associated Template within the Setup module.
      • For Forms, Approvers are established in the Form Template Security tab within the Create And Edit module.
    • Specific Item Security
      • It is possible to further refine rights at the item or object level within policyIQ. See the Security tab on your Form Templates, Pages, Files or Weblinks. You can also adjust who can change or view your Folders and Reports.

This list is by no means all-inclusive. I really just wanted to help you step back and see the range of parameters and methods in place to allow or restrict access to your content. If you are interested in a specific review of your security settings or you have security-related questions, contact our policyIQ Support team.

This entry was posted in Features by Stephenie Buehrle.

About Stephenie Buehrle

Stephenie is the “solutions” expert on the policyIQ team. With RGP since 2004, she designs and develops solutions that capitalize on the best practices of the hundreds of companies that she has touched, while tailoring each configuration to meet the unique needs of each client. Before joining RGP and the policyIQ team, Stephenie enjoyed working as an independent consultant in the non-profit sector. Stephenie also previously performed analyst services for a major brewer ranging from roles in biological and chemical services to analytical roles in business process improvement and innovation. Stephenie quips that she still doesn’t know what she wants to be when she grows up, but hopes to spend her days helping others (companies, individuals, and communities) to realize their full potential.
