A few weeks ago I was demonstrating the Document Domain to a bank for consideration to use as their Director portal. This requires a secure site for the documents placed in the folder for Directors only. I was asked a question concerning the security of the documents, can you believe I could not answer the question @#&#@. I am the first to admit I do not know all there is to know about all of our programs, as many of the features are updated and improved before I have the chance to use them. Many times our customers are the ones telling me what they have done, how they use particular software or have requested a change to meet their specific needs. As our customer base grows I am challenged to keep up with the programs, changes and upgrades. I have to say that now in our office it is a game played by the staff to “stump Marsha.” I love it…..
What I learned as a result of this security question I want to share with you.
First and foremost our hosting service is SAS70 certified. That is a certification that is a must when it comes to your Directors books. The information hosted must be secure, the server must be secure and to stay in compliance a SAS70 certification is required. As many of you may or may not know to receive this certification there is a cost of $100,000 to $300,000. Not a small fête for any company.
With the Document Domain, there are four levels of security required. Any software you are considering for Director portal must have at least three of the below.
1. Login security. How is the login handled, how is the login information secured. If someone has access to the login and password of a Director they have access to the Director books. As with most passwords, once given the Director must have the ability to log in and change their password. In that way no one, even the site administrator has access to passwords.
2. Folder security. The Document Domain is set up with multiple folder options. The first level of security is given to each user within a bank. The Director folder will be accessible by assigned Directors or other bank management. The security of the book information continues from Document Domain login to folder. A secure folder can not be accessed within the library or outside the library without the proper access code which is in the login and password. Once a bank is set up with the Director folder and they have chosen to be the Director administrator MICR has no access to this portion of the Document Domain.
3. Book/document security. When the book/document is uploaded into the Director folder a password will need to be placed on the file by the file creator. This will restrict access to this information without proper knowledge of the password. Even if the URL address to the document is known access is denied due to failure of procedure from login to folder to document.
4. Security can go three levels down from the original folder if it is required by the bank. Documents can be set at different levels for various reasons within a single folder. All levels of security will have the same procedure requirements. If the procedures with login and passwords are not followed access is denied.
If you are interested in a Director portal you can contact me directly at marshan@ or 951-353-0010 ext 204. micrtechnologies.com
Many banks are using these challenging times to focus on internal processes and improving operational efficiencies.
If you do not have the Document Domain and are interested in a demonstration please feel free to contact me.
Quote of the week: Sitting still and wishing makes no man great.
The good Lord sends the fishing but you have to dig the bait.
