| | 4.3 Fulfilment
11. New Person Request | | |
|---|
| 4.3.11. New Person Request: | | 1. When a new person arrives, as part of the induction training, the manager will request that the new person is approved to sign-in. A one-time pass-phrase is assigned for the manager to give to the new person to sign in for the first time. The new person request can only be used for people who have never had an approved sign-in account. | | 2. The new person is shown their permanent pass-phrase when they sign-in for the first time. The new person is reminded never to disclose their permanent pass phrase with anybody. | | 3. Every application service has build in documentation that provides a guide as to how services may be used. It is not the intent of this documentation to be of educational quality and it does not carry any insured educational liability to change the skill of its readers. Application services inclide guides, in the same way as Google, Amazon, Ebay, Facebook and Twitter offer "how to" documentation without educational or skill liabilities. | | 4. Do not confuse the procedure to add a new person with the procedure for a person to review and change their own profile - they are different procedures used by different people at different times. Every approved person has a right and a legal duty to keep their profile accurate and up to date in compliance with Data Protection laws. | | 5. From time-to-time, a manager will wish to make a new person request so that person is granted access rights to their bespoke application service. This is an infrequent request that is automatically handled without any delay. This procedure will normally be used between 09:00 and 22:00 Monday to Friday - new people are not expected to be approved over a weekend. | | 6. By eliminating people from this fixed documented procedure, errors are eliminated, productivity is maximised and people are granted the right to sign-in within a few moments. The manager conducting the new persons induction training can include this request to make sure that the new person knows how to sign-in. | | 7. The new person request may not be applicable for all new people and normal support request may be made to handle specific exceptions. The approval person can only assign access rights up to the same level as their own rights. The approval person can only request that a new person from their own branch is added. The new person request can only be used once for each new person. | | 8. An objective of the new person request is to be able to get people in a position where they can sign-in without any delay. It is not an objective to collect a comprehensive HR set of data at this point in time - other HR details may be collected at a later time and may be collected using self-service requests by the new person. | | 9. A known exception in 2017 is that people in Head Office and Nordic branches will add a support request rather than use the new person request. Slightly different laws and compliance requirements may apply to such people. |
| 2. Procedure: | | 1. From the branch dashboard, click "Self-Service Support..." to popup page 2201. From the Self-Service dashboard, click "New Person Request..." to popup page 2232. | | 2. In the top-left menu bar, click "guide..." to popup this how to do it guide page 164311. | | 3. In the top-left menu bar, click "new..." to popup the new person request form. The key points of the procedure are replicated at the bottom of the page. | | 3. Enter all the details about the new person - advice about each field is shown to the right of each field. | | 4. When all the field values are complete and correct, the image changes to give the manager the opportunity to verify everything before the new person is granted access rights. | | 5. When the new person has been granted access right, the page changes to show the new person their sign-in details. Because the manager will see this page, a one-time pass-phrase is used that shall expire in one hour. | | 6. The sign-in details may be printed, email or phoned to the new person, together with a note of the expiry time. |
| 3. New Person Sign In: | | 1. Open any browser on any computing device and enter the application service domain name - the home page will be shown. | | 2. From the top menu bar, click "Sign In" to show the Authentication page 1003. | | 3. Enter the handle as field (a) shown on the new person request page. | | 4. Enter the email address as field (b) as shown. | | 5. Enter the pass phrase as field (c) as shown. | | 6. Select that you agree with the terms of use - the welcome page is shown with you permanent pass phrase that must be remembered. |
| 4. One-Time Pass-Phrase: | | 1. The one-time pass-phrase is used in exactly the same way as a permanant pass-phrase. No back door has been created that could be exploited by a criminal. | | 2. A unique feature of the one-time pass-phrase is that it is numeric (like a telephone number) and suitable to be communicated face-to-face or by phone. | | 3. The act of using the one-time pass-phrases causes the one-time pass-phrase to instantly expire. | | 4. When the new person signs in with their one-time pass-phrase they will be shown their permanent pass-phrase that must be remembered and not shared with any other person for any reason. The persons permanent pass-phrase is automatically generated by your application service according to evolving rules that ensure that the pass-phrase has never been used before and is suitable for permanent use. No person can view a persons permanent pass-phrase after the one-time welcome page has shown it to the new person. Encryption methods are deployed to ensure that the pass-phrase and all other personal data cannot be stolen or viewed. | | 5. Artificial intelligence monitors and escalates all one-off pass-phrases to Monica who will raise an alert to stop any unusual behaviour. |
| 5. Name Validation: | | 1. The persons name must be 2 or 3 alphabetic words with spaces, hyphen or apostrophe. | | 2. The name must have an overall minimum length that is logical and reasonable. | | 3. A persons name must not contain numbers of other symbols. | | 4. Your application service shall capitalise the persons name - its case is not checked when signing in. | | 5. The persons name must be unique - it is not permitted to request more than one person with exactly the same name. |
| 6. Email Validation: | | 1. The persons email must conform with international standards for emails. | | 2. The persons email shall be lower case - it is not case sensitive when signing in. | | 3. The persons email shall have a minimum length that is logical and reasonable. | | 4. The persons email must be unique - it is not permitted to request more than one person with exactly the same email address. |
| 7. Function Validation: | | 1. Not every function is provided in the drop down list, because a person cannot assign rights greater than their own rights. | | 2. The new person procedure is not applicable for new people who have a function that is not in the drop down list. |
| 8. Department Validation: | | 1. Not every department is provided in the drop down list, because departments are dependent on the approving persons branch office. | | 2. The new person procedure is not applicable for new people who have a department that is not in the drop down list. |
| Improvement Schedule: | | 1. General Data Protection Regulations (GDPR) are elevating all security measures to new heights. In 2018, people will be able to change their own unique pass-phrases, but those pass-phrases must be at least as strong as the assigned pass-phrases. Pass-phrases will have less symbols but be much longer as many words making up a phrase. In 2018, people will be able to change their own unique handle - people have the right to make up their own handles for their own exclusive benefit. | | 2. Self-service facilities are evolving so people have the right to view and correct their own personal details. GDPR makes an obligation to keep personal information accurate and up to date - this is achieved by giving people the duty to change their own profile and review their own profile at least once per year. | | 3. Self-service facilities are evolving to include (1) a persons right to be forgotten and (2) a subject access request for a person to view all their personal details. These facilities are applicable to all customer contact people as well as people approved to sign-in. |
| Security Statement: | | 1. Pass phrases are the single most important part of any application service and so they are assigned to ensure that they are unique and strong enough to resist any criminal attack. Pass phrases are encrypted in many layers using different methods that can resist all criminal attacks. Pass phrases are hidden in places that criminals may not look and if they did look, they could not recognise an encrypted pass phrase. Passwords are not good enough for such a business application and professional authentication service. | | 2. All Personally Identifiable Information (PII) is encrypted using many different methods including fragmentation, tokenization and pseudonymisation. The result is that a criminal will never be able to identify any PII and will never be able to decrypt any PII. Excessive levels of encryption ensures that a data breach can never happen, that ICO notification procedures are not needed and people will never be asked to change their password. | | 3. Automated attack tools that can guess passwords at a rate of 10,000 guesses per second will never work because after three guesses, the persons profile is blocked and all subsequent guesses are ignored. The maximum criminal attack rate is three guesses per day. When a criminal attack is identified it is blocked before the sign-in page is shown to prevent more guesses. | | 4. Multiple factors are used to identify an approved person with the pass phrase being just one or many factors. Human behaviour is the most significant authentication factor that can issolate abnormal criminal behaviour from normal approved user behaviour. Continual monitoring 24*7 of each and every sign-in process is a fundamental part of this authentication service. |
| Document Control: | | 1. Document Title: New Person Request. | | 2. Reference: 164311. | | 3. Keywords: Self-Service Support New Person Request. | | 4. Description: Self-Service Support New Person Request. | | 5. Privacy: Public education service as a benefit to humanity. | | 6. Issued: 9 Jan 2017. | | 7. Edition: 1.2. |
|
|