Appendix 2 - Security and Other Recommendations

Navenio’s workforce tasking solutions are designed to operate safely and securely when used in accordance with standard guidelines and good data security practices, such as those recommended by the National Cyber Security Council further details of which are set out on their website at ncsc.gov.uk.

You should note the following security and other recommendations when using IWS.

  • Authorisation levels – ensure that people are granted access only to information they need to perform their roles and that authorisation levels within IWS are set accordingly

  • Staff changes – be aware of the importance of removing or amending access to the system when members of staff leave or change roles

  • SSO – the system is designed for single-sign-on use. It is recommended that individual users have their own user IDs and passwords and that these not be shared

  • Password complexity – NCSC guidelines on password use should be followed (see ncsc.gov.uk)

  • Password storage – passwords should be stored using a secure password management system

  • Auto-timeout settings – IWS is auto-timeout enabled and users are automatically logged out of the system after a period of inactivity. It is recommended that auto-timeouts be kept as short as possible

  • Security reporting – system security breaches should be reported to your supervisor and, where appropriate, to Navenio as soon as possible

  • ARP – IWS allows certain users to run reports. As reports contain personal information, they should be marked as confidential, password protected and only shared with people with the necessary access privileges

  • Performance management – IWS is designed for workforce optimisation. While it will provide information on tasks handled at an individual level, it is not designed to be an individual performance management tool

  • Data protection impact assessment – in addition to the privacy notice in Appendix 1, Navenio provides customers, on request, with a pro forma data protection impact assessment which can be used by customers to support the preparation of their own DPIA