Smartstaff
2,173
edits
Changes
m
(image placeholder)[[File:2024-07-ticket-145858.png|thumb|none|800px|A sample login page containing a link to view the organization’s privacy and security policies before logging in.]]
(image placeholder)[[File:2024-07-ticket-145858-2.png|thumb|none|800px|A list of possible user policy options are available in the settings.]]
Users may be required to acknowledge or accept a set of policies before being shown the signup page form. This ensures the user is aware of the terms and conditions of using the system as well as how their data may be collected, used, and stored.
(image placeholder)Administrators can see who has accepted any policy at a given time by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit the desired policy > Click on "User Logs" in the left navigation. Here you will see a list view of all users that have accepted a policy along with pertinent information and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.
In this section, we will outline how to set up a new policy, how to manage policy enforcement and revisions, how to attach policies to various collection points, and how to view acceptance. You must be a Global Administrator to configure policies.
<u>'''Note:'''</u> There is currently no mechanism to migrate existing policies into the new format. If you wish to keep using an existing policy, you'll need to recreate it using the new policy builder. Old policy acceptance data will still be retained.
Once a policy enters “Active” status, no changes can be made to the content within policy sections. If changes are needed, a new version of the policy must be created. To make changes to an existing policy, follow these steps: # Go to '''Global Settings ''' > '''Security ''' tab > '''Privacy and Security Policies ''' > Edit the desired policy > Click the '''New Version ''' button in the submit bar. # An alert will display warning you that a new version of this policy will be created in “Draft” status. Once the new version is activated, it will replace the previous version. Click “Yes” to proceed. # A new version of the policy will be created in “Draft” status. Make the necessary changes to this version. # Once you are happy with the changes, click the '''Activate Version ''' button in the submit bar to replace the previous version.
An expired policy will no longer be enforced but may be activated again in the future. Acceptance data for an expired policy will still be available. For compliance reasons, there is no option to completely delete a policy.
To create language translations of a policy, follow these steps:
# Administrators can see who has accepted any policy, and when, by navigating to Menu Icon > Global Settings > [[Category:Security tab > Privacy and Security Policies > Edit the desired policy > click on “User Logs” in the left navigation. Here you will see a list view of all users that have accepted a policy, along with pertinent information, and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email. # Administrators can see a list of all accepted policies by navigating to Menu Icon > Global Settings > Security tab > Privacy and Security Policies > User Logs tab.]]
no edit summary
==About Privacy Policies==
===What are privacy and security policies?===
Privacy policies outline how a website collects, uses, stores, and protects user data, providing visitors with the assurance that their personal information is handled with care and respect. Security policies, on the other hand, detail the technical and procedural measures implemented to defend against cyber threats and data breaches. Together, these policies protect users from identity theft, fraud, and other online risks. For example, SmartSimple has its own privacy and security policies which can be read in full at the [https://www.smartsimple.com/trust-security-overview Trust & Security Center on our website].
===Are policies mandatory to have?===
Privacy and security policies may be mandatory by law depending on the end-user’s location. For example, the [[General Data Protection Regulation (GDPR)]] is an information privacy regulation enacted by the European Union (EU) to protect individuals' privacy and personal data. The GDPR gives EU citizens more control over their personal data and sets strict guidelines for data processing and privacy practices for organizations operating within and outside the EU. Having privacy and security policies aligned with the GDPR is required for legal compliance and helps safeguard individuals' rights to privacy.
===Can I use this feature to track other compliance activities?===
The privacy and security policies feature can be utilized to track and manage various other policies and compliance activities. For instance, you might opt to use this feature to monitor conflict of interest attestations or agreements to other terms and conditions.
===What are the differences between the new privacy policies feature and the old one?===
The new privacy and security policies feature will be available starting July 2024. Policies created using the old feature must be recreated in the new privacy feature as they will not be migrated. You must opt in to using use the new privacy and security policies feature.
===Login Pages===
Before logging in, users may be able to preview specific policies based on configuration as seen below.
<u>'''Note:'''</u> Since the user has not yet logged in, only policies without any role or country permissions will be visible to the user.
After logging in, most systems require users to accept some policies before the user is granted access to the system. These policies typically outline the responsibilities and expectations of each party when using the system. Depending on the configuration, the end user will have the option to acknowledge, accept, or decline a given policy.
===Signup Pages===
Users may be required to acknowledge or accept a set of policies before being shown the signup page form. This ensures the user is aware of the terms and conditions of using the system as well as how their data may be collected, used, and stored.
===On Record Creation===
When a user creates a Level 1 record (such as when applying to a program), they may be prompted to accept or acknowledge a set of policies tailored to the Level 1 type being created. Similarly, when a user creates a Level 2 record (like a review), they may also be asked to accept or acknowledge a set of policies which may include a conflict-of-interest attestation. These policies will be displayed to the user before the user can fill out the form and will be shown each time the user creates a new Level 1, 2, or 3 record of a specific type.
<u>'''Note:'''</u> If you are creating records using the web-enabled template page, the policies visible to the user cannot be determined by any user roles or country as the user cannot have any roles or countries attached to them when they are not logged in. To have these policies be displayed to a user who is not logged in, all permissions on the policy retaining pertaining to user roles or countries must be left empty.
===Viewing Accepted Policies===
Users can view a list of accepted or acknowledged policies at any time by clicking on the lock icon labeled "Privacy & Security" in the global header. This list view displays the collection point, version, and the date when the policy was accepted. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance.
[[File:2024-07-ticket-145858-3.png|thumb|none|800px|Users can view a list of accepted or acknowledged policies at any time by clicking on click the lock icon labeled "Privacy & Security" in the global header. This to see a list view displays the collection point, version, and the date when the policy was of policies they have acceptedor acknowledged. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance.]]
[[File:2024-07-ticket-145858-4.png|thumb|none|800px|Administrators can see who has accepted any policy at which users have interacted with a given time policy by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit clicking the desired policy > Click on “User Logs” in "User Logs" link the left -hand navigation. Here you will see a list view of all users that have accepted a policy along with pertinent information and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.]]
=Configuration=
In this section, we will outline how to set up a new policy, how to manage policy enforcement and revisions, how to attach policies to various collection points, and how to view acceptance. You must be a Global Administrator to configure policies.
<u>'''Note:'''</u> There is currently no mechanism to migrate existing policies into the new format. If you wish to keep using an existing policy, you'll need to recreate it using the new policy builder. Old policy acceptance data will still be retained.
# Repeat steps 2 to 4 adding additional sections and content as needed.
# (Optional) If a certain policy section should only be displayed to specific users and/or countries, navigate to the '''Permissions''' tab to define this in more detail.
==Periodically Enforcing an Active Policy==
In some scenarios, it may be advantageous to force users to re-accept the same policy after a set interval of time. For example, users may need to re-accept a policy on an annual basis. Instead of creating a new version of the policy each year, you can set an '''Enforcement Interval ''' to automatically force the re-acceptance of a policy. For example, if users need to re-accept a policy on an annual basis, go to '''Global Settings ''' > '''Security ''' tab > '''Privacy and Security Policies ''' > Edit the desired policy > Under '''Enforcement Interval''', select “Annual”. Currently, policies can be enforced periodically on an annual, quarterly, monthly, weekly, or daily basis.
<u>'''Note:'''</u> The enforcement interval '''Enforcement Interval''' only applies to policies attached to login pages.
==Editing an Active Policy==
Once a policy enters “Active” status, no changes can be made to the content within policy sections. If changes are needed, a new version of the policy must be created. To make changes to an existing policy, follow these steps:
<u>'''Note:'''</u> Previous policy versions will continue to be enforced until a new version is moved to “Active” status.
==Expiring a Policy==
An expired policy will no longer be enforced but may be activated again in the future. Acceptance data for an expired policy will still be available. For compliance reasons, there is no option to completely delete a policy.
To retire an active policy, go to '''Global Settings ''' > '''Security ''' tab > '''Privacy and Security Policies ''' > Edit the desired policy > Click the '''Expire Version ''' button in the submit bar.
==Creating Language Translations==
To create language translations of a policy, follow these steps:
# Go to '''Global Settings ''' > '''Security ''' tab > '''Privacy and Security Policies ''' > Edit the desired policy > Click the “Policies Translation Settings” button in the top action bar.# Select the target language under the '''Language ''' dropdown.# Enter a translated title inside the '''Name ''' field.# Click '''Save'''. # Exit the translation modal and click the “Policy Builder” link in the left-navigation bar.
# Edit the desired policy section by clicking the pencil icon.
# Click the “Policies Section Translation Settings” button at the top of the modal window. # Enter the relevant translated text and click '''Save'''.
# Continue to add text translations to the remaining policy sections.
==Viewing Policy Acceptance==
User acceptance logs can be accessed in three ways:
# Users can view a list of accepted or acknowledged policies by clicking on the lock icon labeled "Privacy & Security" in the global header. This list view displays the collection point, version, and the date when the policy was accepted. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance. Depending on configuration an administrator could emulate a user to see what that user accepted.
# Administrators can see who has accepted any policy, and when, by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit the desired policy > click on “User Logs” in the left navigation. Here you will see a list view of all users that have accepted a policy, along with pertinent information, and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.
# Administrators can see a list of all accepted policies by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security t'''ab > '''Privacy and Security Policies''' > '''User Logs''' tab.
