| | | | |

Security, Auditing and Error Handling

Functional Summary
All users must log into Waypoint each time they use the application. Waypoint then only permits a user command access for which they have been granted. Permissions are based on roles and membership in them. Every single system command can be controlled individually when necessary. Furthermore, permission levels can be granted: read only, read-insert, read-insert-edit, read-insert-edit-delete and finally read-insert-edit-delete-undelete.

All database access occurs based on a single SQL Server login who's password is hard-wired into a single place in your application prior to installation. All of your leasing terms and feature choices are controlled in the same way. Thus, you can control whether any alternative access to your database will be available. All documents and other files cataloged into Waypoint are moved into a single "repository" that must reside somewhere on one of your network servers. When files are accessed they are copied to the user's workstation so that changes can only be returned to the repository when edit permissions have been granted.

You can control access to our five primary categories of data by "type" as defined by you. For example, you can use Contact Type as we do to discriminate employees from customers. Then you can restrict access to employee records while still allowing wide access to customer data. You have similar control for Asset Types, Event Types, Knowledge Base Topic Types and Project Types. This "horizontal" security is both powerful and yet easy to implement and maintain. You can also elect to turn off several security measures while still deliberating what business rules you want to impose.

Up to six audit logs are automatically updated in the background while users use the system. All login and logouts are audited and it is possible to see if a user is currently logged in. Since a security check is made with each command access, we can also log all system usage. All file access can also be logged including whether a file request was for edit or was read only. All knowledge base topic access is logged in a separate log. All QuickBooks/Accounting export jobs are logged including how many of each kind of record is exported. The task records themselves are each updated with the date and user who performed the export. Finally, all errors are logged.

Error Handling is a vital element of any core business system. We log all Waypoint errors into Waypoint's database and - if that ever fails - into a Microsoft-defined error log directly on the user's workstation. Each data request includes error handlers that report where the error occured, what the error was, who the user was and when it happened. Data processing tasks and other specific functionality have unique error messages and all error messages are stored in a table so that we can polish the user messages long after the code has been frozen and the application has been installed. Screen validations are not considered to be errors and validation is provided throughout the application. Required data fields are indicated with red labels.

Case Studies
One law firm client came up with the idea of auditing knowledge base access. They use the knowledge base to store all of their business policies and procedures. By monitoring the knowledge base log they can see which employees have begun to answer their own questions and also which topics are most useful.

We rely on the error log to uncover system dysfunctions even when users might struggle to articulate problems they are experiencing.

Advanced Functionalities
We've added a number of more subtle system behaviors that save time and make the lives of users easier.

* Temporarily grant or remove permissions to suit immediate business needs.
* Review system usage patterns for each user in preparation for an annual review.