Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Overview

Managing sensitive data effectively is crucial for maintaining data security and privacy within Upvise. The below information can help minimise the risk of unauthorized access to sensitive information.

Examples of Employee-related Data

Employee contact data is not auto-created in Workbench from your financial systems, giving you control over the data input into Workbench, and then synced across to upvise. It is recommended that you consider the data you want to store in upvise and available to your different users. Some examples of data that you may consider reviewing are:

  1. Emergency Contact Information

  2. Onboarding Details

  3. Training Records

  4. Assigned Assets (e.g., boots, laptops)

Utilising User Types & Roles in Upvise

Using the method of forms to capture this data, you are able to restrict visibility using a combination of roles and user types from other employees.

For example, where standard user types can only access forms they have submitted, other standard users will not be able to see the data. The owner of a form is inherited by the user submitting the form.
Read more on Roles & User Types here.

Employee personal contact information can be captured in a form attached to their contact record in Upvise. This may include, but is not limited to, the following types of data which may be considered sensitive to the employee:

  • Residential Address

  • Personal Mobile Number (if they have a business phone)

  • Personal Email Address

  • Emergency Contact Information

  • Licenses and Certificates

Checking Upvise System Options & User Configuration

Upvise provides a number of options (setting) and user based configurations you can apply to help restrict access to contacts.

Contacts > Options > User Rights

  1. Data Shared by All Users

    1. When Data Shared by All Users is checked, all Contacts and Companies are accessible by all users, even Standard Users, who can otherwise only access the data they own.

    2. Disable this to prevent “Standard Users” from accessing contact & company data

  2. Standard Users can see other user's location

    1. Disable this to prevent Standard users from seeing other users location

Manage Users > Application Rights

Although “Data Shared by all users” will hide the contact module for standard users, you can in addition to this, remove the contact app from specified users. This may be used for Manager type users where the setting above does not apply.

Other applications can be hidden in this menu

image-20240621-055510.png

My Account> Roles

  1. Review each role in your database to ensure that the role includes only the form people should have access to

    1. Apply the role to individual users as required

 1. What if I have sensitive data stored already in the workbench People record?

Employee contact data is not auto-generated in Workbench from your financial systems, giving you the ability to control what data is entered when you create each employee.

If you have recorded information on the person in workbench, and you no longer want that in upvise you should follow the below steps.

  1. edit the user in workbench

  2. Review data & remove contact data

image-20240621-060209.png

  1. Save user

  2. Navigate to Upvise integration and click “Export/Import” to trigger a sync.

The contact data you deleted will be removed from upvise on the contact.

 2. How do I capture Employee Contact information in Upvise so it's only availble to HR (or authorised people)?

In Upvise, you can use a form template to capture employee-related information and you can use roles to restrict the visibility of this to specified users. 

Examples of Contact forms may include:

​a) Employee Emergency Contact Information

b) Employee Onboarding Form 

c) Training Records

d) Assigned assets (e.g. boots, laptops etc)

Forms can be made easily accessible from the contact record by using Buttons.

Form data related to that employee is available on the contact record, see the example:

To enable users to access the form, you should use roles. Read more about Users and Roles

See the example role configuration:

Apply the role to the users who should have that particular level of access:

  • No labels