SECURITY IS PARAMOUNT AND WE TAKE IT VERY SERIOUSLY.


This whitepaper outlines the security controls available in GAINS to protect your data.
Security can be divided into two parts.

  • One is access to data, i.e. denying access to unauthorised users (who may log in).
  • Two is the level of access. Once a user has logged in, he / she is allowed to reach only certain areas (modules / forms) and within those areas can perform only certain tasks (view / add / edit / delete).
An analogy :
  • Level 1 is like entering the main gate of the building.
  • Level 2 defines which premises (flats) and rooms the user can access and what he can do (view / add / edit / delete) in each room.



SUMMARISED
Access is granted / denied based on one or more of the following parameters, each of which the admin may set ON or OFF :
  • IP lock (Login only from authorised offices / static IPs)
  • Login and password
  • 2FA (Two Factor Authentication) / one-time code sent by text message to the user's mobile
  • Day and Time wise lock (Login on Mon - Fri/Sat only)
  • Period lock (Access only to data of the current FY)
  • Machine lock (Login only from designated machines)
The mobile app is available only to whitelisted / registered mobiles.

Level of access is based on the following parameters :
  • Site / Branch / Depot or warehouse
  • Modules / Forms / Reports
  • View / Add / Change or Edit / Export to Excel / Delete
  • Post active / draft vouchers ( Create, Verify, Approve -- or -- Maker, Checker, Approver )
  • Limits : Cannot override ledger credit limits.
  • Audit lock. Cannot edit vouchers if period has been audited and locked.
The system maintains a background audit trail for all edits / deletes of all vouchers. Backup is automatic and daily / real time.

Access to Data

Access to data is controlled through multiple layers. The admin may set one or more of these layers as on / off.

  • IP lock : Access is granted only if the login comes from a registered static IP. This means that users trying to log in from home will be denied access. For senior personnel an exception may be made: they can log in from outside the office (home, travel etc.), but they must then enter both their password and a 4 / 6 digit SMS code sent to their mobile (2FA -- Two Factor Authentication, described below).
  • Login and password : This is the simplest check and the second layer. The login (usually the user's email) and password must be entered to gain access. Automated password guessing by bots is deterred by a Captcha, which is enabled automatically after 3 wrong tries. Note that a Captcha slows down guessing but does not protect against phishing, where the user is tricked into revealing the password; it is 2FA (below) that limits the damage of a phished password.
  • 2FA (Two Factor Authentication) : This is the same mechanism used in credit card / banking transactions. After the user enters the correct login and password, an SMS / text message with a 4 / 6 digit numeric code is sent to the user's mobile. The code is valid only for a limited time and must be entered within a few minutes. This provides a second factor of authentication: the first is something you know (your login and password), the second is something you have (the mobile to which the code is sent).
  • Day and Time wise lock : Some users may be granted 24x7 access. Other users, say data entry operators, would be subject to a day and time restriction -- e.g. access is allowed only Mon to Fri from 9 am to 6 pm. So even if they log in from the registered IP with the correct login and password, they will be denied access if they try to log in on a Sunday.
  • Period lock : Even when a user is granted access after passing the above layers, the period he / she can access is controlled. So while a Financial Controller may be given rights to see accounts for any period, other users may be restricted to the current year's data only.
  • Machine lock : For very security conscious firms we can add a further layer, wherein access for certain logins is allowed only from designated machines.
Mobile users : Only whitelisted / registered mobile # (CEO, CXO, Financial Controller etc.) can access data through the Android / iOS app. The admin can whitelist / register as many mobile # as desired.

NOTE : At any time, the company admin may change one or more of the access privileges of the users and may also completely de-activate or delete the user.
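The layers above combined into one login decision, added here as an illustration and not GAINS code: the office network range, the 5-minute code validity, the user record fields and all helper names are assumptions made for the example. Order matters: the IP check runs before the password is tested so an outsider cannot use the login form as a password oracle, and the SMS code is popped on first use so it cannot be replayed.

```python
"""Layered login gate for the 'Access to data' layers above.
Added illustration, not GAINS code: the office network range, the 5-minute
code validity, the user record fields and all helper names are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, Optional, Tuple
import hashlib
import hmac
import ipaddress
import secrets

OFFICE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed office range (RFC 5737)
CODE_TTL = timedelta(minutes=5)   # assumed validity window of an SMS code
CAPTCHA_AFTER = 3                 # page: Captcha is enabled after 3 wrong tries


@dataclass
class UserPolicy:
    username: str
    salt: bytes
    password_hash: bytes
    ip_lock: bool = True                        # must log in from an office IP ...
    remote_with_2fa: bool = False               # ... unless senior staff: remote allowed with 2FA
    allowed_days: Tuple[int, ...] = (0, 1, 2, 3, 4)     # Mon..Fri (datetime.weekday); () = any day
    allowed_hours: Optional[Tuple[int, int]] = (9, 18)  # 09:00 <= t < 18:00; None = 24x7
    machines: FrozenSet[str] = frozenset()      # machine lock; empty = any machine
    always_2fa: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted, one-way hash: right for storing passwords; not reversible like encryption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(username: str, password: str, **flags) -> UserPolicy:
    salt = secrets.token_bytes(16)
    return UserPolicy(username, salt, hash_password(password, salt), **flags)


_failed: Dict[str, int] = {}                  # wrong-password count per login
_codes: Dict[str, Tuple[str, datetime]] = {}  # outstanding SMS codes: username -> (code, expiry)


def issue_sms_code(user: UserPolicy, now: datetime) -> str:
    """6-digit single-use code; a real system sends it by SMS instead of returning it."""
    code = f"{secrets.randbelow(10**6):06d}"
    _codes[user.username] = (code, now + CODE_TTL)
    return code


def verify_sms_code(user: UserPolicy, code: str, now: datetime) -> bool:
    entry = _codes.pop(user.username, None)   # pop: each code is accepted at most once
    if entry is None:
        return False
    expected, expiry = entry
    return now <= expiry and hmac.compare_digest(expected.encode(), code.encode())


def in_schedule(user: UserPolicy, now: datetime) -> bool:
    if user.allowed_days and now.weekday() not in user.allowed_days:
        return False
    if user.allowed_hours is not None:
        start, end = user.allowed_hours
        if not start <= now.hour < end:
            return False
    return True


def from_office(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OFFICE_NETWORKS)


def evaluate_login(user: UserPolicy, password: str, ip: str, machine_id: str,
                   now: datetime, sms_code: Optional[str] = None) -> Tuple[bool, str]:
    """Apply the layers in order and return (allowed, reason) so every denial can be logged.
    reason '2fa_required' means: issue a code, then call again with sms_code."""
    if _failed.get(user.username, 0) >= CAPTCHA_AFTER:
        return False, "captcha_required"        # automated guessing is stopped here
    office = from_office(ip)
    if user.ip_lock and not office and not user.remote_with_2fa:
        return False, "ip_not_allowed"          # before the password check: no oracle for outsiders
    if not hmac.compare_digest(hash_password(password, user.salt), user.password_hash):
        _failed[user.username] = _failed.get(user.username, 0) + 1
        return False, "bad_password"
    _failed.pop(user.username, None)
    if not in_schedule(user, now):
        return False, "outside_allowed_hours"
    if user.machines and machine_id not in user.machines:
        return False, "machine_not_designated"
    need_2fa = user.always_2fa or (user.ip_lock and not office)  # remote senior staff must use 2FA
    if need_2fa:
        if sms_code is None:
            return False, "2fa_required"
        if not verify_sms_code(user, sms_code, now):
            return False, "bad_or_expired_code"
    return True, "ok"
```

A data entry operator is created with the defaults (office IP only, Mon to Fri 9 to 18), while a Financial Controller gets `remote_with_2fa=True, allowed_days=(), allowed_hours=None` and is then prompted for the SMS code only when logging in from outside the office.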


Level of access


If access is granted based on the above parameters, it does not mean that the user has complete access.
Based on his / her level of access he / she is allowed / denied access to:

  • Site / Branch / Depot
  • Modules / Forms / Reports
Some examples :
  • A data entry operator would not have access to most of the modules, e.g. he will not be able to open the Reports, AR / AP and similar modules.
  • A branch manager would have access to all reports and modules of his branch, but not to data of a different branch.
  • Certain users would be able to view data of specific ledgers only and would be denied access to, say, the Salary or bank ledgers. e.g. a Sales Manager would have access to the Sales ledger and the Sundry Debtors ledgers, but would be denied access to all other ledgers.
Security (through role task masters) also allows control of :
  • View / Read / Add / Edit / Delete / Export to Excel of vouchers and ledgers.
e.g. Sales personnel can view the sales ledger but cannot edit / delete transactions.
Accountants may be allowed to add / edit vouchers but not delete vouchers.
Senior accountants may be allowed to delete vouchers also.


Active / Draft vouchers -or- Verification / Authorisation (Maker Checker) : A firm may opt to enable this feature, wherein all vouchers that are posted are 'draft' and thus have no effect on the books of accounts. They need to be verified before they are posted, take effect in the books of accounts and change the closing balances of ledgers.

Limits : Users can be restricted from posting vouchers if limits are exceeded. For example, a junior accountant may be able to post a payment entry of only Rs 100,000. Any voucher beyond that amount would be a draft voucher requiring verification before it is activated. Similarly, a sales voucher cannot be posted if the customer's credit limit would be exceeded (unless an override is given by a senior authority).

Audit lock : Once the audit has been done, management can lock all transactions up to that date. For example, if the audit is done till 31 Dec 2015 and the audit lock is applied for the same date, users can then edit / delete only vouchers dated 01 Jan 2016 or later. All vouchers of calendar 2015 or earlier are locked and may not be edited / deleted. The admin may remove the audit lock if required.


Background checks


Audit trail : The system captures each and every change to a voucher from creation till the last update, so it is easy to know who changed what, and on which day and at what time.

Deleted vouchers : Even after vouchers are deleted (by a user who has been given delete rights), the system keeps them in a hidden Recycle bin, where the Financial Controller / Admin can view them.
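The level-of-access rules (branch scope, task rights, maker / checker drafts, amount and credit limits, audit lock) together with the background checks above (audit trail, recycle bin), as one small voucher store. This is an added example, not GAINS code: the Role / Voucher / Books names are invented for it, and the rule that a back-dated voucher cannot be posted into an audit-locked period is an assumption that extends the edit / delete lock described on the page.

```python
"""Level-of-access checks for vouchers plus audit trail and recycle bin.
Added example, not GAINS code; names and the back-dated-posting rule are assumptions."""
from dataclasses import dataclass
from datetime import date, datetime, timezone
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Role:
    name: str
    branches: FrozenSet[str]           # site / branch / depot the role may touch
    rights: FrozenSet[str]             # from: view add edit delete export verify override
    post_limit: Optional[int] = None   # amounts above this are held as draft (None = no limit)


@dataclass
class Voucher:
    vid: int
    branch: str
    ledger: str
    amount: int
    vdate: date
    status: str = "draft"              # draft | active | deleted


class Books:
    def __init__(self, maker_checker: bool = False, audit_lock_until: Optional[date] = None,
                 credit_limits: Optional[Dict[str, int]] = None):
        self.maker_checker = maker_checker        # when on, every voucher starts as draft
        self.audit_lock_until = audit_lock_until  # vouchers dated on / before this are frozen
        self.credit_limits = credit_limits or {}  # ledger -> credit limit
        self.vouchers: Dict[int, Voucher] = {}
        self.recycle_bin: List[Voucher] = []      # hidden from ordinary users
        self.trail: List[dict] = []               # who / what / when for every change
        self._next = 1

    def _log(self, who: str, action: str, v: Voucher, detail: str = "") -> None:
        self.trail.append({"who": who, "when": datetime.now(timezone.utc),
                           "action": action, "voucher": v.vid, "detail": detail})

    def _require(self, role: Role, right: str, branch: str) -> None:
        # Branch scope first, then the task right: a manager of branch A gets nothing at branch B.
        if branch not in role.branches:
            raise PermissionError(f"{role.name}: no access to branch {branch}")
        if right not in role.rights:
            raise PermissionError(f"{role.name}: no '{right}' right")

    def _require_unlocked(self, vdate: date) -> None:
        if self.audit_lock_until and vdate <= self.audit_lock_until:
            raise PermissionError(f"period up to {self.audit_lock_until} is audit locked")

    def balance(self, ledger: str) -> int:
        # Only active vouchers affect the books; drafts do not move closing balances.
        return sum(v.amount for v in self.vouchers.values()
                   if v.ledger == ledger and v.status == "active")

    def post(self, role: Role, who: str, branch: str, ledger: str, amount: int, vdate: date,
             override_by: Optional[Role] = None) -> Voucher:
        self._require(role, "add", branch)
        self._require_unlocked(vdate)
        limit = self.credit_limits.get(ledger)
        if limit is not None and self.balance(ledger) + amount > limit:
            if override_by is None or "override" not in override_by.rights:
                raise PermissionError(f"ledger {ledger} would exceed credit limit {limit}")
        over_limit = role.post_limit is not None and amount > role.post_limit
        status = "draft" if (self.maker_checker or over_limit) else "active"
        v = Voucher(self._next, branch, ledger, amount, vdate, status)
        self._next += 1
        self.vouchers[v.vid] = v
        detail = f"status={status}" + (f" override={override_by.name}" if override_by else "")
        self._log(who, "create", v, detail)
        return v

    def verify(self, checker: Role, who: str, vid: int) -> Voucher:
        v = self.vouchers[vid]
        self._require(checker, "verify", v.branch)
        if v.status != "draft":
            raise ValueError("only draft vouchers can be verified")
        v.status = "active"
        self._log(who, "verify", v)
        return v

    def edit(self, role: Role, who: str, vid: int, amount: int) -> Voucher:
        v = self.vouchers[vid]
        self._require(role, "edit", v.branch)
        self._require_unlocked(v.vdate)
        self._log(who, "edit", v, f"amount {v.amount} -> {amount}")   # before / after kept
        v.amount = amount
        return v

    def delete(self, role: Role, who: str, vid: int) -> None:
        v = self.vouchers[vid]
        self._require(role, "delete", v.branch)
        self._require_unlocked(v.vdate)
        v.status = "deleted"
        self.recycle_bin.append(self.vouchers.pop(vid))   # kept for the Financial Controller / admin
        self._log(who, "delete", v)
```

A junior accountant with `post_limit=100_000` sees a Rs 150,000 payment land as a draft that a senior accountant (holding the `verify` right) must activate; the credit-limit check reads only active vouchers, so an unverified draft neither moves the closing balance nor consumes the customer's limit.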

Miscellaneous :

  • Data is stored in SQL Server 2016 with encryption enabled. Note that SHA-256 is a one-way hash function, not an encryption cipher: it is the right tool for storing passwords and for integrity checks, but data that must be read back (ledgers, vouchers) is protected with a symmetric cipher such as AES, which is what SQL Server's encryption features (e.g. Transparent Data Encryption) use.
  • At no time is any data stored on your desktop / laptop / mobile etc.
  • Our IBM server (Singapore) is protected by a firewall and anti-virus software.
  • We conduct regular audits by third party specialists to ensure that the database is secure.
  • All data is backed up in real time / daily. This is an automatic process requiring no manual intervention.



MULTIPLE LEVELS OF SECURITY SECURE YOUR DATA.