Management of auditor’s access rights

2017.07.26

The management of the auditor’s access rights on the ViaSyst Database has been improved to give to the CBs the possibility to manage auditor’s access to the data entered easily.

Starting point & Rationale

The Database offers the possibility to CBs Administrators to share the various information available with auditors and give them the possibility to work on Audit reports/Certificates following the access level rights assigned to them. .

The rights available on the Database are:

  • Validation: Validate audit reports (CB validation) for assigned organizations and Add/Edit certificates – includes Edit/Write & read rights
  • Edit/write: Adding, editing & managing audits (for assigned organizations – includes read rights
  • Read: Read all audits, organizations & auditors data (for assigned organizations)

Assigning rights to auditors is 2 options: assigning overall roles or assigning roles organization per organization. The difference between these 2 options was sometimes confusing.

Implemented evolution or improvement

In order to simplify the management of auditor’s access rights and make the different level of roles assigned to each auditor more clear and visible, some parts of the Database have been reviewed and optimized.

Implications & Recommendations

These accesses can be managed through both the auditor’s access rights profile and the organization’s profile.

From now, the access rights assigned to each auditor are clearly identified and visible through these 2 pages.

Detailed instructions on how to manage auditor’s access rights are provided in the following items of the ViaSyst Instructions for use knowledge base:

Note: For security reasons, we recommend you, for each access created or updated, to send the logins and passwords to users using different communication channels (for example, login by email, and password by skype).