vTiger CRM is an online, web-based system that is convenient for centralized data storage and makes it easy for members of the enterprise to access and share information. This also raises information safety issues. Deploying such a system requires a sufficient and comprehensive approach to information safety: human resources, policies, process, technique and legal issues.
Notes:
Information safety is a larger concept than information security. It includes rules/settings to ensure that users can access the right information anytime they want, and to protect the system from various risks. These rules/settings relate to information storage and recovery, authorization and access management, loss prevention, information security in storage and transfer, etc.
vTiger CRM itself can handle those functions well. Other controls (e.g., human resources) depend on company policies and the method of system deployment:
About vTiger CRM:
- Authorization: against the database or LDAP (Lightweight Directory Access Protocol)
- Access management: by individual, by group, or by profile.
- Sharing access: specific to each role, feature, and level (view, edit, delete)
- Inspection: records users' activities (Login History, Audit Trails)
- Backup: a mechanism for easy backups
- Program errors: The application has been developed and tested to cope with popular hacking methods. Security patches are provided whenever an error is found by the community.
Methods of deployment and use:
a) There must be a clear policy and procedure for information safety covering the deployment, operation and use of the Information Technology system in general, and the CRM [http://www.softwareoutsourcing.biz/CustomerCRM.html] application in particular.
E.g.:
• Rules for setting, remembering and (periodically) changing passwords
• Assign staff to be responsible for installation, operation and issue settlement.
• Make a plan to deal with accidents or incidents when they occur.
b) Human resources (IT Admin) must have experience in managing and monitoring the safety of network and application systems (especially web-based applications)
c) Server:
• Location: The server must be located separately, and only authorized staff may have access.
• Use an operating system with a high level of sustainability and safety, hardened properly (e.g., turn off unnecessary services, set up a firewall, close ports, turn off access or only allow it from fixed IPs, etc.)
• Set up an anti-virus program
d) Range of access: Public Internet - through VPN - only in LAN
e) Applications and software:
• Use the official versions from reliable sources
• Frequently monitor and upgrade or apply patches related to security
f) Configuration:
• Assign users by role and responsibility, in line with the policy and rules of the enterprise
• Establish a data backup mechanism: back up online, off-line, off-site, or back up by coding the data.
g) Operation monitoring
• Implement backup
• Grant and disable user accounts
• Monitor and detect activities affecting safety of system and data (intentionally or unintentionally)
Tom Downie is working for a company that provides IT outsourcing services including application development and software outsourcing. If you want to know more about his work, visit the website: software outsourcing to see how he can optimize your business.