Changes

Jump to: navigation, search

Privacy and Security Policies

635 bytes added, 14 May
m
no edit summary
==About Privacy Policies==
 
===What are privacy and security policies?===
 
Privacy policies outline how a website collects, uses, stores, and protects user data, providing visitors with the assurance that their personal information is handled with care and respect. Security policies, on the other hand, detail the technical and procedural measures implemented to defend against cyber threats and data breaches. Together, these policies protect users from identity theft, fraud, and other online risks. For example, SmartSimple has its own privacy and security policies which can be read in full at the [https://www.smartsimple.com/trust-security-overview Trust & Security Center on our website].
===Are policies mandatory to have?===
 
Privacy and security policies may be mandatory by law depending on the end-user’s location. For example, the [[General Data Protection Regulation (GDPR)]] is an information privacy regulation enacted by the European Union (EU) to protect individuals' privacy and personal data. The GDPR gives EU citizens more control over their personal data and sets strict guidelines for data processing and privacy practices for organizations operating within and outside the EU. Having privacy and security policies aligned with the GDPR is required for legal compliance and helps safeguard individuals' rights to privacy.
===Can I use this feature to track other compliance activities?===
 
The privacy and security policies feature can be utilized to track and manage various other policies and compliance activities. For instance, you might opt to use this feature to monitor conflict of interest attestations or agreements to other terms and conditions.
===What are the differences between the new privacy policies feature and the old one?===
 The new privacy and security policies feature will be available starting July 2024. Policies created using the old feature must be recreated in the new privacy feature as they will not be migrated. You must opt in to using use the new privacy and security policies feature.
===Login Pages===
 
Before logging in, users may be able to preview specific policies based on configuration as seen below.
(image placeholder)[[File:2024-07-ticket-145858.png|thumb|none|800px|A sample login page containing a link to view the organization’s privacy and security policies before logging in.]]
<u>'''Note:'''</u> Since the user has not yet logged in, only policies without any role or country permissions will be visible to the user.
After logging in, most systems require users to accept some policies before the user is granted access to the system. These policies typically outline the responsibilities and expectations of each party when using the system. Depending on the configuration, the end user will have the option to acknowledge, accept, or decline a given policy.
(image placeholder)[[File:2024-07-ticket-145858-2.png|thumb|none|800px|A list of possible user policy options are available in the settings.]]
===Signup Pages===
Users may be required to acknowledge or accept a set of policies before being shown the signup page form. This ensures the user is aware of the terms and conditions of using the system as well as how their data may be collected, used, and stored.
Users may be required to acknowledge or accept a set of policies before being shown the signup page form. This ensures the user is aware of the terms and conditions of using the system as well as how their data may be collected, used, and stored.
===On Record Creation===
 
When a user creates a Level 1 record (such as when applying to a program), they may be prompted to accept or acknowledge a set of policies tailored to the Level 1 type being created. Similarly, when a user creates a Level 2 record (like a review), they may also be asked to accept or acknowledge a set of policies which may include a conflict-of-interest attestation. These policies will be displayed to the user before the user can fill out the form and will be shown each time the user creates a new Level 1, 2, or 3 record of a specific type.
<u>'''Note:'''</u> If you are creating records using the web-enabled template page, the policies visible to the user cannot be determined by any user roles or country as the user cannot have any roles or countries attached to them when they are not logged in. To have these policies be displayed to a user who is not logged in, all permissions on the policy retaining pertaining to user roles or countries must be left empty. 
===Viewing Accepted Policies===
Users can view a list of accepted or acknowledged policies at any time by clicking on the lock icon labeled "Privacy & Security" in the global header. This list view displays the collection point, version, and the date when the policy was accepted. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance.
[[File:2024-07-ticket-145858-3.png|thumb|none|800px|Users can view a list of accepted or acknowledged policies at any time by clicking on click the lock icon labeled "Privacy & Security" in the global header. This to see a list view displays the collection point, version, and the date when the policy was of policies they have acceptedor acknowledged. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance.]]
(image placeholder)Administrators can see who has accepted any policy at a given time by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit the desired policy > Click on "User Logs" in the left navigation. Here you will see a list view of all users that have accepted a policy along with pertinent information and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.
[[File:2024-07-ticket-145858-4.png|thumb|none|800px|Administrators can see who has accepted any policy at which users have interacted with a given time policy by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit clicking the desired policy > Click on “User Logs” in "User Logs" link the left -hand navigation. Here you will see a list view of all users that have accepted a policy along with pertinent information and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.]]
=Configuration=
In this section, we will outline how to set up a new policy, how to manage policy enforcement and revisions, how to attach policies to various collection points, and how to view acceptance. You must be a Global Administrator to configure policies.
In this section, we will outline how to set up a new policy, how to manage policy enforcement and revisions, how to attach policies to various collection points, and how to view acceptance. You must be a Global Administrator to configure policies.
<u>'''Note:'''</u> There is currently no mechanism to migrate existing policies into the new format. If you wish to keep using an existing policy, you'll need to recreate it using the new policy builder. Old policy acceptance data will still be retained.
<u>'''Note:'''</u> There is currently no mechanism to migrate existing policies into the new format. If you wish to keep using an existing policy, you'll need to recreate it using the new policy builder. Old policy acceptance data will still be retained.
# Repeat steps 2 to 4 adding additional sections and content as needed.
# (Optional) If a certain policy section should only be displayed to specific users and/or countries, navigate to the '''Permissions''' tab to define this in more detail.
 
==Viewing Policy Acceptance==
User acceptance logs can be accessed in three ways:
 
# Users can view a list of accepted or acknowledged policies by clicking on the lock icon labeled "Privacy & Security" in the global header. This list view displays the collection point, version, and the date when the policy was accepted. Additionally, users can open a PDF to view the contents of the policy as it was at the time of acceptance. Depending on configuration an administrator could emulate a user to see what that user accepted.
# Administrators can see who has accepted any policy, and when, by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security''' tab > '''Privacy and Security Policies''' > Edit the desired policy > click on “User Logs” in the left navigation. Here you will see a list view of all users that have accepted a policy, along with pertinent information, and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email.
# Administrators can see a list of all accepted policies by navigating to '''Menu Icon''' > '''Global Settings''' > '''Security t'''ab > '''Privacy and Security Policies''' > '''User Logs''' tab.
# Administrators can see who has accepted any policy, and when, by navigating to Menu Icon > Global Settings > [[Category:Security tab > Privacy and Security Policies > Edit the desired policy > click on “User Logs” in the left navigation. Here you will see a list view of all users that have accepted a policy, along with pertinent information, and a PDF of what the policy contained at the time of acceptance. A search is also available to easily find users by name or email. # Administrators can see a list of all accepted policies by navigating to Menu Icon > Global Settings > Security tab > Privacy and Security Policies > User Logs tab.]]
Smartstaff
2,353
edits

Navigation menu