Sample Caseware Cloud security framework
When you use Cloud as a collaboration solution for engagement work across your entire organization, you will need to implement a security policy. Having a policy in place is important, because it will help protect sensitive client information. Using a security policy, you can control access to this sensitive information.
Security for a small organization (1-10)
If your organization comprises a few partners who all have equal access to client information, you can implement a very simple security policy. You can grant all staff members access to all entities by giving them the Owner role. This policy is the simplest to manage, but you can only use it if all users have equal access to confidential client information.
If your organization comprises one or two partners and a few associates who support your work, you can make a slightly more complex policy. The partners should have all system-wide roles:
-
Settings Admin
-
Staff Admin
-
Entities Admin
Your associates should have the Entity Access role. This will let them see all entities that you create, but they will only be able to see content under the entities that a partner shares with them. This means that whenever a partner adds content to an entity, they will choose which associates have access to it.
Security for a mid-sized or large organization (11+)
If your organization is larger, you will require a more complex security policy. You may have one or more system administrators who will be responsible for Cloud's settings. Partners will still have access to almost all content, but managers and associates will be assigned to specific clients and engagements. These staff members will not need to be able to see all client entities.
System admins should have at least the following system-wide roles:
-
Settings Admin
-
Staff Admin
With these entitlements, your system admin can manage Cloud, and they can also create, modify, or delete other staff members. They cannot, however, view any of the content for clients of the organization or for other entities.
Partners should have at least the following system-wide roles:
-
Staff Admin
-
Entities Admin
With these entitlements, partners can create staff groups for engagement teams. Each engagement team should include a partner, a manager, and some number of associates.
The partner can share the client entity with the new team, granting Entity Access to the group. The partner can then grant the Owner role for that entity to the manager.
With the Owner role, the manager can add and share content for the current client engagement. They can decide whether new files should be shared with the whole engagement team or limited to specific team members. They can also review the time and expense entries for the client entity, and they can create invoices for their engagement.