% This file was converted to LaTeX by Writer2LaTeX ver. 0.4
% see http://www.hj-gym.dk/~hj/writer2latex for more info

\svnidlong
{$HeadURL$}
{$LastChangedDate$}
{$LastChangedRevision$}
{$LastChangedBy$}
\svnid{$Id$}

\section{Security}
\label{sec:Security}
\subsection{User Security}
\label{sec:UserSecurity}
User security is provided through:

\begin{enumerate}
\item User Accounts {--} to control access to the system to authorised
users only;
\item User Roles {}- to control user access to system functionality;
\end{enumerate}
\subsubsection{\label{sec:UserAccounts}User Accounts}
The user provides a valid user name and password to access their system
account. Each user name is unique within the system. Each account is
associated with a single User Role (see User Roles, below) and,
optionally, a single Supplier that the account user works on behalf of.
A user may have multiple user accounts: this allows the user to
represent more than one Supplier or have multiple roles. For example,
Peter Smith may have user name PSMITHMETHANE when representing one
Supplier and user name PSMITHBIO when representing a second Supplier.

Advantica retains access to the system for support purposes.

\paragraph{Password Complexity}
Passwords held within the webMIP system conform to the following rules:

\begin{enumerate}
\item Minimum length of 8 characters
\item Contain a non{}-alphanumeric character e.g. \%
\item Contain upper case and lower case characters
\item Contain alpha and numeric characters
\end{enumerate}

\paragraph{Password expiry}
Passwords expire after 30 days. After this time user is able to log in
to the system but is forced to enter a new password before they can
gain access to system. After 60 days the user is unable to access the
system and the account is locked. The account is unlocked either by the
webMIP administrator or, where the account is for a Supplier Agent, the
associated Supplier Administrator. 

\paragraph{Forgotten passwords}
Forgotten passwords are reset by users with the role of webMIP
Administrator or Supplier Administrator. The Supplier Administrator
role can only reset the passwords of accounts associated with the same
Supplier as that represented by the Supplier Administrator. The webMIP
Administrator role is able to reset all account passwords.

\paragraph{File Uploads}
Files that are uploaded to the webMIP system are scanned for viruses or
malicious content. However, it is the responsibility of users to have
adequate virus protection before they upload or download files to or
from the system. Files identified as containing \ a virus or malicious
content are removed from the system and the associated enquiry is
marked with warning text stating that the file has been removed for
security reasons. 

Further security details will be defined in the design phase of the
project.

\subsubsection{User Roles}
\label{sec:userroles}
The different users of the system can be defined within five separate
roles:

\begin{enumerate}
\item webMIP Administrator;
\item I\&C User;
\item I\&C Customer Services;
\item Supplier Administrator;
\item Supplier Agent.
\end{enumerate}

These different roles fall into the hierarchy described in Figure \ref{fig:UserRoleHierarchy}:

\begin{figure}
\includegraphics[width=\textwidth]{userhierachy}
\caption{User Role Hierarchy}
\label{fig:UserRoleHierarchy}
\end{figure}

\paragraph{webMIP Administrator}
The webMIP Administrator role is able to control the overall system e.g.
editing module and add-on data, running system reports, etc. 

The role is able to create, view, update and delete users with the roles
of Supplier Administrator, Supplier Agent, I\&C User and I\&C Customer
Services. The webMIP Administrator can also perform all of the
functions available to the I\&C User and the I\&C Customer Services
roles. When creating or editing the Supplier Agent, the webMIP
Administrator, will be forced to associate the Supplier Agent with an
existing Supplier Administrator.

The Administration section of this document has further information on
the administrative functions that can be performed by the webMIP
Administrator role. 

\paragraph{I\&C User}
The I\&C User role is able to complete all of the main day{}-to{}-day
tasks required within the webMIP system. The I\&C User role is able to:

\begin{enumerate}
\item Create and enter enquiries on behalf of any Supplier Agent listed
in the webMIP system;
\item Accept and reject quotes on behalf of a Supplier Agent;
\item Upload a manual bespoke quote to the webMIP system;
\item View all enquiries and quotes within the system enabling I\&C
users to to provide support for the Supplier Agents in populating
enquiry details and resolving their queries.
\end{enumerate}
Where a user with I\&C User role performs work on behalf of a Supplier
Agent, they are subject to the same restrictions as the account on
whose behalf they are working. For example, they can only create
enquiries or accept quotes for the Supplier represented by the Supplier
Agent account. The system records activities performed by the I\&C User
role on behalf of Supplier Agents.

Where a user with I\&C User role accepts a quote on behalf of a Supplier Agent, the user records evidence of supplier approval (e.g. reference to email, document, etc.) against the acceptance.
\paragraph{I\&C Customer Services}
The I\&C Customer Services role is able to view all enquiries and quotes
within the webMIP system, but is unable to edit or update any data. The
role allows the customer services team within I\&C to provide support
for the Supplier Agents. 

\paragraph{Supplier Administrator}
The role of Supplier Administrator is able to maintain data relating to
the supplier to which the user is associated.

The Supplier Administrator role is also able to create, view, edit and
delete users with the role of Supplier Agent. Each user created in this
way is associated with the supplier represented by the Supplier
Administrator.

\paragraph{Supplier Agent}
A user may have the role of Supplier Agent for multiple suppliers. Each
instance of the Supplier Agent role requires a user account dedicated
to that supplier.

The Supplier Agent role is able to create enquiries and view or edit
enquiries that have been created by other agents associated with the
same supplier. 

The Supplier Agent role can submit enquiries for quotation and accept or
reject quotes for their associated supplier.

When a Supplier Agent creates a new enquiry the system will
automatically associate their related Supplier details to the enquiry.

\paragraph{Action Matrix}
The action matrix listed below outlines some key functions of the webMIP
system and the roles that can perform them.

\begin{longtable}[c]{ p{0.3\textwidth}  *{5}{ p{0.1\textwidth} } }
\toprule
{\bfseries
Role}
\newline
{\itshape
Action}
&
{\bfseries
WebMIP Admin}
&
{\bfseries
I\&C User}
&
{\bfseries
I\&C Cust}

{\bfseries
Services}
&
{\bfseries
Supplier}

{\bfseries
Admin}
&
{\bfseries
Supplier}

{\bfseries
Agent}
\\
\midrule
\endhead
{\itshape
Create enquiry}
&
X
&
X
&
&
&
X
\\
{\itshape
Read enquiry}
&
X
&
X
&
X
&
&
X*
\\
{\itshape
Submit enquiry}
&
&
X
&

&

&
X*
\\
{\itshape
Delete enquiry}
&
X
&
&

&

&

\\
{\itshape
Store enquiry}
&
X
&
X
&

&

&
X*
\\
{\itshape
Upload files to enquiry}
&
X
&
X
&

&

&
X*
\\
{\itshape
Accept quote}
&
X
&
X
&
&
&
X*
\\
{\itshape
Reject quote}
&
X
&
X
&

&

&
X*
\\
{\itshape
Delete quote}
&
X
&

&

&

&

\\
{\itshape
Upload files to quote}
&
X
&
X
&

&

&

\\
{\itshape
Run system reports}
&
X
&

&

&

&

\\
{\itshape
Delete files from enquiry}
&
X
&
X
&

&

&

\\
{\itshape
Create I\&C users}
&
X
&

&

&

&

\\
{\itshape
Delete I\&C users}
&
X
&

&

&

&

\\
{\itshape
Create Supplier Admin users}
&
X
&
&
&
&
\\
{\itshape
Delete Supplier Admin users}
&
X
&
&
&
&
\\
{\itshape
Create Supplier Agents}
&
X
&

&

&
X**
&

\\
{\itshape
Delete Supplier Agents}
&
X
&

&

&
X**
&

\\
{\itshape
View Supplier Agents}
&
X
&
X
&
X
&
X**
&
X*
\\
{\itshape
Reset User Password}
&
X
&

&

&
X**
&

\\
{\itshape
Edit/Read/Delete/Create system data}
&
X
&
&
&
&
\\
{\itshape
Perform Bulk Upload}
&
X
&
&
&
&
\\
\midrule
\multicolumn{6}{  p{\columnwidth}  }{*Only those related to the Supplier that
the Agent is associated with.
\newline
**Only those created by the same Supplier Administrator}
\\
\bottomrule
\caption{Action Matrix}
\label{tab:ActionMatrix}
\end{longtable}

\paragraph{Advantica administration}
Advantica use the built{}-in management tools provided by the chosen
software solution to manage, maintain and investigate issues relating
to the webMIP system. This administration function is considered
outside the scope of the webMIP system functions.

For support purposes, an Advantica user may request the creation of
accounts with the above roles.

\subsection{System Security}
The security requirements defined in \ref{sec:UserSecurity} show how the
system controls access to functionality. The system has two further
forms of security:

\begin{enumerate}
\item Physical security {--} relating to the physical security of the
environment in which the system resides. There are no defined
requirements for physical security, however the check{}-list in Appendix \ref{sec:AppendixPhysicalEnvironment}  will be used by the business and NG IS to confirm the suitability
of the physical environment;
\item Application development security {--} the check{}-list Appendix \ref{sec:AppendixApplicationDevelopment} 
\  in describes a set of controls that were applied, where appropriate, during
development of the application.
\end{enumerate}