Do you have permission?
As organisations adapt and become lean and agile, it's becoming necessary for software providers to think about the structure permissions for the user profiles of their software.
In iDriveHR we have currently 4 levels of permission and all of our features can be switched off or on and made editable or not, to give the SME the ability to share delegated responsibilities, without compromising sensitive or personal data.
Permissions should form part of your overall Data Protection policies and activities. We have found this is often an overlooked area for many a business, quite simply we get carried away in the operations of the business and not its governance or security.
It's often easy to overlook who sees what data, how long data and information is retained and who will see that data and information in the future.
Often items like:
names of documents;
sending the whole document and not part (only the relevant part) to other persons to whom that part of the data/info is irrelevant;
storing communication and information for far longer than required or necessary and sometimes insecurely;
not monitoring permissions or changing these as roles change or people leave;
sharing data and information with others who do not require to see that data or information;
just to mention a few!
So when you are selecting a software provider, make sure you can control who sees what and that you can restrict access, view and edit and one who can guide you every step of the way.
If your organisation stores personal data, even just employee data, ensure you are registered with the ICO. The ICO offers good advice as well as lots of resources to use.
Comments