How good is your company’s user security when it comes to accessing sensitive Costpoint data? It’s an all to frequent occurrence that CFO’s and CTO are surprised by the holes in a company’s user security, such as data entry clerks having full access to control and configuration screens, or access to employee salary and personnel data when no need exists.
Here are some questions to ask when evaluating your company’s security state:
1. How long ago was the security model designed? Was it converted over from an earlier version of Costpoint?
2. During the Costpoint implementation was user security give full attention or did it get pushed to the backburner to accommodate other tasks?
3. Has there been staff turnover, is new user security setup cloned from exiting users?
4. Are override rights being used excessively?
5. Does a policy exit that details the controls associated with user access to Costpoint, is it being followed, and is there clear delineation of who is responsible?
6. When was the last security or policy review conducted?
Costpoint 7 has added additional security functionality that can be used to simplify maintenance and tighten it up. The first step should be a well thought-out security review.
Infotek has conducted many security reviews and can employ its cost effective proven methodology in reviewing your system and providing best practice recommendations.
If you would like to get more information or details on how we can be of assistance, please send me an email at firstname.lastname@example.org and I can help you get started.