Sunday, May 14, 2017

Strong Privacy

Many organizations have already discovered that ITRP can be used to provide a single Self Service portal for all kinds of support. That makes it easy for the employees. Whether they need a new laptop, have a contract that needs to be reviewed, or want to understand more about their pension plan, they can always go to the same place for help.

Within ITRP, each support domain was already able to limit who has access to the requests. The HR department, for example, would not want the HR requests to be visible to all support specialists of the IT and Finance departments. These requests could, after all, contain very sensitive information about salaries, promotions, illness, etc.

But even within the HR support domain, access may need to be restricted to ensure that not every HR specialist is able to see every HR request. It could make sense, for example, to only allow payroll experts to see payroll questions, and to limit access to the requests concerning career planning to the experts in that field.

This is now possible. By checking the Strong privacy box in the 'Account Settings' section of the Settings console, the owner of the HR account can ensure that requests, problems and tasks are visible only to the members of the team to which they are assigned.

[Image: ITRP account settings - strong privacy]

Automatically, ITRP ensures that people with the Specialist role of this account no longer have access to views like 'All Requests' or 'All Tasks'. When a specialist of a strong-privacy account performs a search, the result no longer includes requests, problems or tasks that are not assigned to one of their team(s). Even the reports prevent access to those assignments.

There are a few subtleties of the Strong Privacy functionality that are worth pointing out. For example, a request is visible to the members of the team to which it is assigned, but if the request is linked to an affected SLA of another support team, that other team is able to access the request as well. That is important for the other team, because the request affects their SLA reports.

Another thing worth noting is that a strong-privacy account can still establish trust relations with other ITRP accounts. This allows them to pass requests on to, for example, the IT department or a managed service provider. When someone is about to pass a request from a strong-privacy account to another account, a warning message is displayed.

[Image: Warning before passing strong privacy request to another account]

When a request has been worked on by multiple accounts and someone from the HR account opens it to work on it again, another message is displayed. This warns the HR specialist that the information of the request is visible to specialists of the other accounts.

[Image: Warning after passing strong privacy request to another account]

To minimize the information that can be seen by other accounts when a request is passed to another support domain or to a managed service provider, the notes added by the HR specialists are by default internal.

[Image: Internal note by default in strong privacy request]

The internal notes of a strong-privacy account cannot be seen by specialists of another account, even when both accounts are support domains of the same directory account.

The Auditor role can be given to people who need to be able to see all requests, problems and tasks within a strong-privacy account.

Apart from HR, there are probably other support domains that could benefit from the Strong Privacy feature. Think for example of setting up a strong-privacy account as the whistleblower or ethics hotline. Or if your organization is doing business in Europe, set up a strong-privacy account for the data protection officer (DPO) to comply with the EU's General Data Protection Regulation (GDPR).
