Application Security

Authentication

All users of the ICEflo solution must authenticate themselves in order to access the service. Authentication in the current version is based on each user providing a user account and a password, entered via the ICEflo login web page. The user account is the person's email address and the password is invisible when entered. Please refer to User Accounts for further details on the current authentication implementation.

Authorisation

The ICEflo application has four predefined levels of authorisation, as listed below:

  • Administrator
  • Manager
  • Technical
  • Read-only

Each user defined in the ICEflo solution is assigned to one of these four authorisation levels. The authorisation level determines the functionality available to the user, ranging from restricting which application domains are presented to the user as tabs, to fine-grained access to lower-level functionality within the application. For example, a user with the Technical authorisation level can approve a task but cannot approve an SoE.

Access Control

All users are defined within the ICEflo solution and held in an internal User database. Users are defined by default as “Active” and, subject to authorisation credentials and associated restrictions, can log into the service and use the application. There is also the facility to de-activate a user, which means that they can no longer access the service but that their transaction history within the service is retained. Users can be de-activated and re-activated at any time by the Client Administrator. This is a useful feature when engaging third-party staff to participate on a transient basis in the implementation space.

Audit

There is extensive auditing functionality within the ICEflo solution. Some examples are provided below:

  • Login history – used primarily to track subscription usage and to generate associated billing information
  • SoE History – a record of creation, approval, activation and outcome
  • Post-Commit changes – any changes made to the SoE after the commit status will be logged
  • Task details – timestamps are recorded for each task, at all stages of the task lifecycle
  • Email and SMS – any communications sent from ICEflo are logged

Document Repository

One of the key features of ICEflo is the ability to associate one or more documents with an implementation or task. These documents can be in any commonly used format, e.g. Word, Excel or PDF. Documents uploaded into ICEflo are held securely in the Oracle database and can only be accessed by members of the same organisation who are authenticated and belong to the same ICEflo instance. If a user has access to read the SoE which has documents attached, they have access to the documents themselves.

An alternative approach to uploading documents to the Oracle database is to refer back to the customer site with a reference to the documents in question (by URL). In this scenario, access to any specific document is controlled by the customer’s security implementation (e.g. Active Directory or SharePoint site permissions). For customers who prefer documents to be referenced by links only, ICEflo can be configured to enforce this business rule.