Access to records is through the Web application. Accessing the Web application requires a unique username and password. Permissions to access records are managed by client Administrators called SMS Admins. SMS Admins configure user accounts and user permissions.
Permissions are granted by the use of roles. NWDS' Web applications use Microsoft's Role Provider. There are basic application roles and client-configured roles. Generally, only the application-specific roles restrict access to records, except in the safety communications and version-controlled document manager.
Confidential information is protected by requiring:
- Unique username & password for each account; and
- Transport-level security using encrypted traffic.
B.3) Authenticity and Prevention of Unauthorized Access or Data Corruption.
Users are required to log in with their assigned username and password to access records. User activity is logged whenever a system change is detected. On client-hosted systems, enhanced system logging is available that tracks every page and record accessed by users.
Firewalls and intrusion detection systems constantly monitor and alert NWDS personnel via email when unauthorized access is attempted. Depending on the type of activity, NWDS personnel will either manage the event at the company level or escalate the event to data center personnel. For denial of service attacks, mitigation measures are the responsibility of the data center.
At the record level, clients can review logs for event activity, including access to records or exporting hazard records to PDF.
B.4) QC and Auditing
NWDS has the ability to compare historical entries to data records upon request. Deleted records older than three years are deleted.
4.B)a) Verification of Record Accuracy
NWDS continuously monitors the database for anomalies. These anomalies are discovered either by clients or by NWDS personnel when reviewing reports. When an anomaly is discovered, NWDS immediately takes corrective action to ensure reports are accurate or educates clients as to why data results are displayed in a particular fashion. Since much of the data is either confidential or restricted, data security remains a top priority for NWDS staff.
B.5) Maintenance Support and Backup Measures.
Database data is backed up nightly at approximately 1 AM Central Time. Backups are tested biweekly to ensure accuracy and availability. Clients can request copies of the database and their respective client files.