Designating a Compliance Action as Confidential

Compliance Action Confidentiality

Compliance actions may be specified as confidential to limit access to information about the compliance action to certain staff. When a compliance action is set to confidential, staff may access the compliance action details if they have been assigned one of the following roles:

  • Owner - A confidential compliance action must always have one (and only one) designated owner. This defaults to the person who sets the compliance action as confidential. The person designated as owner has the ability to add or remove access to the compliance action.

  • Edit - Users who have been granted Edit access may edit the compliance action (provided they have been assigned tasks or are designated as the processor).

  • View - Users who have been granted View access may view all aspects of the compliance action, but cannot edit. All screens will be read-only.



Visibility of Confidential Actions

Marking a compliance action only prevents non-authorized users from viewing the compliance action details (edit screen). The compliance action will still be visible to all internal users in the Compliance Action search results list, including the ability to view the site name, compliance action type, and status. 



Enabling Confidentiality

The ability to specify a particular compliance action as confidential must be configured for the specified compliance action type. This is configured in Administration > Lookups by checking the Enable Confidentiality field for the corresponding compliance action type.

Compliance Action Confidentiality Manager Role

As noted above, the Owner designation grants a user the ability to access and edit a confidential compliance action. Another way to gain this level of access is through the security role Compliance Actions - Manager - Confidentiality. This role has access to edit any aspect of confidential Compliance Actions, including agency confidential settings. By designating someone with this role, the confidentiality settings can be updated should the person designated as Owner be unavailable for whatever reason.

Steps to Make a Compliance Action Confidential

A compliance action can be specified as confidential by selecting the Confidential checkbox in the side panel of the Compliance Action Details page.

When a compliance action is set to be confidential, the Confidential Settings area appears.

The Confidential Settings area allows one or more users to be given permission to view or edit the compliance action. The permissions are specified using one of three security roles described above (Owner, Editor, or Viewer).

The system requires at least one Owner specified in the confidentiality settings. The user who specifies the document as confidential is automatically added and set with a security level of Owner.

The following table lists the Confidential Settings fields:

Field

Description

Add User

This field is used to select a user to grant access to the document. Selecting a user and clicking the Add button will add the user to the confidentiality security list.

Name

Name of the user who has been granted access to the document.

Security Role

Security level granted to the corresponding user in the list.

To grant or change user access to a confidential document:

  • Select the user from the Add User dropdown.

  • Click the Add button. The user is added to the Confidential Settings list.

  • Select the Security Role for the user.

  • Click the Save button at the bottom of the screen to save changes.

To remove user access from a confidential document:

  • Click the X button to the right of the user name. The user is removed from the list.

  • Click the Save button at the bottom of the screen to save changes.

Note: Once confidentiality has been set, the user must have Owner security level on the document to grant or change access.



Related pages