Security
This topic focuses primarily on the various security features within the application. Application security is managed with user accounts. There are other security concerns outside the application which are equally important.
Data
Here are some points regarding data security:
•All application data is maintained on a server in tables maintained in a SQL database. No data is stored locally on individual computers.
•The application database is backed up to the server's hard disk automatically each day (only the most recent single back-up is maintained, not multiple days) and on month-ends; however, these back-ups are to the server's hard disk only and do not protect your data from catastrophic loss (disk failure, fire, etc.). This data may help in some cases such as the accidental data loss by user error, but provides very limited protection and should not be relied upon.
•It is solely your company's responsibility to back-up and verify your SQL data to removable media (tapes, DVD, CD, etc.) and to secure and protect that data off-site. We neither monitor nor maintain any off-site back-up of your data.
•The application data does not maintain detailed bank card information (we don't keep the card number, expiration date, security numbers, pins, or any other information that would be required for processing the card). We do record the card type, card holder's name, authorization code, and last 4-digits of the card number as well as some non-card information returned by the processor (if automated bank card processing is being used). Other software and services you use may record card information. It is your company's responsibility to limit access to this information.
•Access to your data is only limited by the security options you choose in the application, within and outside your network, and the Windows environment. ECI Software Solutions, Inc. is not responsible for how much or how little you secure your data.
•All network, Internet, and Microsoft® Windows® operating system and application security is your company's responsibility. ALL computers (servers, PC's, etc.) should have up-to-date subscription based anti-virus software. Your company's network should be protected from outside intrusion by a firewall. Wireless networking, if used, should be encrypted and limited to only those devices you designate.
Types of Users
Users accounts should be assigned to employees at your company and are used for both identity and security. There a few different types of users. Specific users can be assigned as either system or application administrators in the Parameters maintenance form (Set Up and User ID tab) available from the Maintenance area. In User Maintenance, users can be assigned to number of types including: sales, back office, other, dispatch, driver, etc. Any of these users may also be designated as a branch manager or not.
Each user is assigned 3 codes that represent a set of security settings. These codes must be defined and then assigned to users. They are: (1) Permissions Lists, used for managing access to areas within the software, (2) Document Access, used for specifying the document types a user has permission to view, and (3) Application Security, which either provides or limits access to specific functions/actions available within accessible areas. Codes are used so that the same settings can easily be assigned to many users. It's equally easy to create a customized code for a particular user.
Some security settings can conflict with each other, so it's important to consider the big picture when deciding on security. For example, preventing a user from performing returns but then providing them access to Charge Returns (an area that is only used for returns), wouldn't make sense. In some cases, it's necessary to both limit access to certain areas as well as set security options to block other related types of information or activities.