New Person Procedure:
1. Step 1 of personnel (HR) management begins with a new person procedure using the add approved person form.
2. This procedure may be restricted to a few people.

Approved Person:
1. A standard list and form are provided to manage approved person information in conformance with GDPR.
2. The approved person list may be customised by each person to match their personal requirements. Customisation can be reset at any time.

Access Rights:
1. None is where a person has not given consent for their information to be processed or their access rights have been withdrawn.
2. Email recipient person is granted rights to process the private contents of the email.
3. Customer contact person is granted rights to process their own customer data only.
4. Supplier contact person is granted rights to process their own supplier data only.
5. Account Manager (sales) is granted rights to process only the CRM information where they are the customer's assigned account manager.
6. Broker is granted rights to process all CRM information with read-only rights to view SRM information.
7. Finance is granted rights to process all CRM and SRM information, including download rights together with associated data breach reporting liabilities.
8. Owner is granted rights to process all CRM and SRM information, including download rights together with associated data breach reporting liabilities.
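
An added example, not the service's own code: the eight access-rights levels above written as a deny-by-default authorization check in Python. The record fields, the level and action names, and the reading of "process" as read and write (with download granted only where the list says so) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: "process" in the list above means read and write, not download.
PROCESS = {"read", "write"}

@dataclass(frozen=True)
class Person:
    id: int
    level: str  # hypothetical identifiers for the eight levels, e.g. "broker"

@dataclass(frozen=True)
class Record:
    kind: str                                 # assumed kinds: "email", "crm", "srm"
    subject_id: Optional[int] = None          # recipient or contact the record belongs to
    account_manager_id: Optional[int] = None  # assigned account manager (CRM only)

def is_allowed(person: Person, record: Record, action: str) -> bool:
    """Return True only when the list above grants the right; otherwise deny."""
    level, kind = person.level, record.kind
    if level in ("owner", "finance"):
        # All CRM and SRM information, including download rights.
        return kind in ("crm", "srm") and action in PROCESS | {"download"}
    if level == "broker":
        # All CRM information, SRM read-only, no download.
        return (kind == "crm" and action in PROCESS) or (kind == "srm" and action == "read")
    if level == "account_manager":
        # Only CRM records where this person is the assigned account manager.
        return kind == "crm" and action in PROCESS and record.account_manager_id == person.id
    # The remaining levels are scoped to the person's own records.
    own = record.subject_id == person.id and action in PROCESS
    if level == "customer_contact":
        return kind == "crm" and own
    if level == "supplier_contact":
        return kind == "srm" and own
    if level == "email_recipient":
        return kind == "email" and own
    # "none" (no consent or rights withdrawn) and any unknown level are denied.
    return False
```

The final `return False` is the part that matters most: a level that is missing, misspelled or withdrawn falls through to a denial rather than to a default grant.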

Privacy:
1. Only a person with "Owner" access rights may process approved person information as the Data Controller.
2. All approved person information is encrypted and replicated to ensure that it cannot be stolen and cannot be lost.
3. Every person's name and email address fields are pseudonymised as protection-by-design in conformance with article 28.

Support:
1. The Second Level Support team working under the direction of the Request Fulfilment Manager are approved by support requests to access business data as "brokers".
2. The support team are not in a position to process business data with Owner or Finance rights.
3. Business data is encrypted so no other person working with the ASP is in a position to view any business data.

Task Management:
1. Any number of tasks may be associated with each approved person.
2. A task may be scheduled as a diary event or used to send a business message with email envelope.

Session Management:
1. An approved person has the right to sign in using more than one browser at the same time - each browser and each device has its own unique session.
2. Where an approved person has signed in and views an email private letter, they are in fact signed in more than once using the same session.
3. Rights are managed in a way that each session and each instance of each session has its own strict rights that cannot be impacted by any other session instance.
4. The natural life cycle of a session is 59 minutes, unless a request begins a new session. After 59 minutes the displayed data is out of date and all displayed links have expired. Clicking an expired link will show the expired web page and may cause the person to have to sign in again.

Document Control:
1. Document Title: New Person Procedure.
2. Description: Bespoke Application Service: New Person Procedure.
3. Keywords: Bespoke Application Service, New Person Procedure.
4. Privacy: Shared with approved people for the benefit of humanity.
5. Edition: 1.1.
6. Issued: 2 Jan 2018.