
Jump to: navigation, search

Privacy and Security Policies

4,096 bytes added, 19:23, 13 May 2024
no edit summary
<u>'''Note:'''</u> There is currently no mechanism to migrate existing policies into the new format. If you wish to keep using an existing policy, you'll need to recreate it using the new policy builder. Old policy acceptance data will still be retained.
==Policy Life Cycle==
There are three states in the policy life cycle:
# '''Draft Status''' - When a policy is first created, it will enter “Draft” status. In this status you may make changes to the contents of the policy freely.
# '''Active Status''' - Once a policy has been moved to the active status, its contents cannot be edited without creating a new policy version. While a policy may have several versions with each version containing different content, only one version may be active at a time.
: <u>'''Note:'''</u> For an active policy to be enforced, it must have an “Effective Date” set in the past.
# '''Expired Status''' - When a policy becomes unnecessary, it can be marked as "Expired." An expired policy won't be enforced at any collection point. However, users can still see that they accepted the policy in the past by accessing the lock icon in the header labeled "Privacy and Security." Expired policies can be reinstated with an “Active” status at any time without creating a new version.
==How Users Interact with Policies==
==Policy Life Cycle==Users may encounter privacy and security policies in a number of collection points within your system depending on the configuration. As an example, let’s walk through some different areas of the system where the user may encounter a policy and be asked to accept it. '''Login Pages''' Before logging in, users may be able to preview specific policies based on configuration as seen below. (image placeholder) <u>'''Note:'''</u> Since the user has not yet logged in, only policies without any role or country permissions will be visible to the user.  After logging in, most systems require users to accept some policies before the user is granted access to the system. These policies typically outline the responsibilities and expectations of each party when using the system. Depending on the configuration, the end user will have the option to acknowledge, accept, or decline a given policy. (image placeholder) '''Signup Pages''' Users may be required to acknowledge or accept a set of policies before being shown the signup page form. This ensures the user is aware of the terms and conditions of using the system as well as how their data may be collected, used, and stored.  '''On Record Creation''' When a user creates a Level 1 record (such as when applying to a program), they may be prompted to accept or acknowledge a set of policies tailored to the Level 1 type being created. Similarly, when a user creates a Level 2 record (like a review), they may also be asked to accept or acknowledge a set of policies which may include a conflict-of-interest attestation. These policies will be displayed to the user before the user can fill out the form and will be shown each time the user creates a new Level 1, 2, or 3 record of a specific type.  <u>'''Note:'''</u> If you are creating records using the web-enabled template page, the policies visible to the user cannot be determined by any user roles or country as the user cannot have any roles or countries attached to them when they are not logged in. To have these policies be displayed to a user who is not logged in, all permissions on the policy retaining to user roles or countries must be left empty.  '''Viewing Accepted Policies''' Users can view a list of accepted or acknowledged policies at any time by clicking on the lock icon labeled "Privacy & Security" in the global header. This list view displays the collection point, version, and the date when the policy was accepted. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance. (image placeholder) Administrators can see who has accepted any policy at a given time by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit the desired policy > Click on “User Logs” in the left navigation. Here you will see a list view of all users that have accepted a policy along with pertinent information and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.   
==Setting Up a Global Policy==

Navigation menu