Data Controls
Following the previous article on software access controls and their functionality, in this article we explain how DCision ERP software controls access to data. This is a complementary subject since part of the control over the data is done through access controls which prevent unauthorized persons from accessing features presenting certain data. Now let’s look at the controls to prevent other software from gaining access to the data or worse, modifying it. Although less well known to users than the functionality access controls, they are just as important, especially in this more or less mature « Cloud Computing » era.
Databases Controls
Since databases are used to store the financial data of your companies, it is essential to prevent access to this data by « external » software or by individuals who obtain, for example, a copy of your backups. Our software uses a Progress mechanisms to allow only your users to access data. In addition, users only have access to data through our software and not through any other mechanism. Indeed, SQL and/or ODBC connections or connections from other software developed in Progress cannot access the data without an agreement with us.
Control Over Data Passing Through the Network
Some data that we target is encrypted before passing through the network between the server, the workstations and external servers to avoid being intercepted by « packet sniffer » software that can be used to obtain data, like passwords for example. Obviously, users who work remotely (Remote Desktop) or in « Cloud Computing » mode use secure connections. Finally, the transfer of data with external sites, for example the transfers of data with a bank for bank reconciliation is also done in secure mode (SFTP).
History of Changes of Data Entry (E-records)
Finally, although this is not a data access control but a control which is related to it, let us mention the control of modifications to records which makes it possible to know which user modified which record, when and by what value. The same principle applies to the creation and deletion of records. This control is mainly used for permanent lists (customers, suppliers, products, etc.) since financial transactions cannot be modified once entered, the corrections being made by reversals or by adjustments. But it is also available for certain Operations Management transactions, that is, for purchase order forms, production orders and for any modifications to lot / serial numbers.
Basically, this is what is in place to discourage unauthorized people from accessing data and those with access from entering potentially fraudulent transactions into the DCision ERP software without leaving a trace.
Please do not hesitate to contact us with any questions or for more details!