Posted: October 16, 2015 by Thom Davidson
"This article provides some suggestions for helping assure your contract management system and access stay secure. Data center and infrastructure recommendations will be addressed in a future blog post."
Encryption: Look for encryption of your documents both at rest and in transit. This should also be true of remote backups. Most vendors use 256-bit AES (Federal Government certified for top secret documents).
Role-based Access Controls: Generally speaking, a role can be given a series of permissions like add contract, change contract, etc. A group can have one or more roles. A user can be a member of one or more groups. Therefore, a user gains permissions based on the groups of which they are a member. Roles can be created and managed by grouping together access privileges and administrative capabilities that meet the access needs of users in a group. Often, roles are based on job responsibilities. When a contract manager, for example, signs on as a new user, the person is assigned the appropriate role that automatically allows access to all of the designated services needed to perform the job. It is an easy, efficient way to set access privileges for users. It also provides an efficient mechanism for altering access privileges for common groups of users in the future.
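The user, group, role and permission chain described above, as an added Python example (not Contract Guardian's own code). All role, group, user and permission names are constructed for illustration; only "add contract" and "change contract" come from the text.

```python
# Constructed sample model: every name below is an assumption for illustration.
ROLES = {  # role -> permissions
    "contract_viewer":  {"view_contract"},
    "contract_manager": {"view_contract", "add_contract", "change_contract"},
    "journal_auditor":  {"view_journal", "export_journal"},
}
GROUPS = {  # group -> roles
    "legal_staff": {"contract_manager"},
    "compliance":  {"contract_viewer", "journal_auditor"},
}
USERS = {  # user -> groups
    "alice": {"legal_staff"},
    "bob":   {"compliance"},
    "carol": {"legal_staff", "compliance"},
    "dave":  set(),  # new account, not yet placed in any group
}

def effective_permissions(user, users=USERS, groups=GROUPS, roles=ROLES):
    """Union of permissions over every role of every group the user is in."""
    perms = set()
    for group in users.get(user, ()):          # unknown user -> no groups
        for role in groups.get(group, ()):     # dangling group -> no roles
            perms |= roles.get(role, set())    # dangling role -> no permissions
    return perms

def is_allowed(user, permission, **model):
    """Deny by default: access only if some role explicitly grants it."""
    return permission in effective_permissions(user, **model)

def users_with(permission, users=USERS, groups=GROUPS, roles=ROLES):
    """Access review: who holds a permission, and through which group."""
    return sorted(
        (u, g) for u, gs in users.items() for g in gs
        if any(permission in roles.get(r, ()) for r in groups.get(g, ()))
    )

if __name__ == "__main__":
    for name in USERS:
        print(name, sorted(effective_permissions(name)))
    print("change_contract held by:", users_with("change_contract"))
    # Altering one role changes access for every user who inherits it.
    tightened = dict(ROLES, contract_manager={"view_contract"})
    print(is_allowed("alice", "change_contract", roles=tightened))
```

Because permissions are never attached to a user directly, an access review only has to inspect role definitions and group membership.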
Password Length and Style: Conventional wisdom is that the additional complexity presented by special characters, symbols, numbers and a mix of upper and lower case makes a password almost hack proof. That is wrong! Character-for-character, password length is more important for security than complexity. Requiring complexity but allowing passwords to remain short makes passwords more vulnerable to attack than simply requiring easier-to-remember, longer passwords. Drop your 6-10 character complex passwords and replace them with a long phrase. You will be safer and so will your contracts. Contract Guardian allows for virtually unlimited password length. Better yet, use a digital vault!
Digital Vault: We encourage our clients to use one of the premier digital vaults for management of their passwords regardless of the application they are using. My personal preference is Features:
Auto time-out: Make sure the system automatically times out after a reasonable period of inactivity. This prevents someone else from using a computer while its user has walked away from it.
Audit Journal: You want to track the activity of the system and be able to search/report on that activity. Example: Contract Guardian assures you that you can record, search, report and be notified on any task/activity related to the management of your contracts. The journal of your contract management system activities allows:
Contract Journal Views | Each Transaction Provides |
---|---|
All Journal items | Ability to zoom into the detail (Contract, Email message, Tasks assignment, etc.) |
Only Contract | Identification of related document |
Contract Notification Emails | Complete audit stamp: Date/Time/User that created, changed or deleted information related to your contracts |
Contract Workflows | Title of the activity |
Tasks for Contract Management | Before and after contract metadata values |
Manual Journal Entries | Export to Excel |
If you follow the suggestions above, you will be well on your way to securing your contracts and access to the information.
About Contract Guardian: CG has clients in 43 states and 9 countries. Our Contract Guardian contract management software has been a key part of our overall success. Hospitals and healthcare were the first clients to leverage this powerful product and then it spread to other industries.
For more information, please contact us.