Sensitive Data Management
Overview
Managing sensitive data effectively is crucial for maintaining data security and privacy within Upvise. The below information can help minimise the risk of unauthorized access to sensitive information.
Examples of Employee-related Data
Employee contact data is not auto-created in Workbench from your financial systems, giving you control over the data input into Workbench, and then synced across to upvise. It is recommended that you consider the data you want to store in upvise and make available to your different users. Some examples of data that you may consider reviewing are:
Emergency Contact Information
Onboarding Details
Training Records
Assigned Assets (e.g., boots, laptops)
Utilising User Types & Roles in Upvise
Using the method of forms to capture this data, you are able to restrict visibility using a combination of roles and user types from other employees.
For example, where standard user types can only access forms they have submitted, other standard users will not be able to see the data. The owner of a form is inherited by the user submitting the form.
Read more on Roles & User Types here.
Employee personal contact information can be captured in a form attached to their contact record in Upvise. This may include, but is not limited to, the following types of data which may be considered sensitive to the employee:
Residential Address
Personal Mobile Number (if they have a business phone)
Personal Email Address
Emergency Contact Information
Licenses and Certificates
Checking Upvise System Options & User Configuration
Upvise provides a number of options (setting) and user based configurations you can apply to help restrict access to contacts.
|
|
---|---|
Contacts > Options > User Rights |
|
Manage Users > Application Rights | Although "Data Shared by All Users" limits data access for standard users if owners are assigned, standard user permissions will apply when this option is deselected. If you need contacts available in forms, the best approach is to hide the Contacts app for specific users through the users' application rights. This method is useful for Manager-type users where the above setting does not apply. You can also use forms to ringfence data to role based users. Other applications can also be hidden using this menu.
|
My Account> Roles |
|