Introduction to Security
This section introduces the security and internal control features in your system.
Overview
Explains the fundamental components used to assure the preservation of confidentiality, integrity, and availability.
User and Role-Based Security Model
Explains the security model used by the system to integrate the different components of the system architecture, control who can access the system, and define the actions that system users can perform.
System Security
Describes the overall security of all the components of QAD, including servers and databases, user synchronization, and user authentication.
Internal Controls
Explains the mechanisms that help an organization comply with legal or regulatory requirements and reduce its exposure to potential liability imposed for violations.
Implementation Summary
Describes how every user must be identified in the system, given access to a domain and at least one entity in the domain, and associated with at least one role in the domain in order to gain system access.
Security and Internal Controls Programs
Lists the menu programs you use to define and maintain security and internal controls in your system.
Overview
The security and related internal controls operating in your system must be viewed within the context of your organization’s overall security framework. While it is beyond the scope of this guide to discuss the details of information security, the fundamental components involve measures to assure the preservation of:
Confidentiality—ensuring that information is accessible only to those authorized to have access
Integrity—safeguarding the accuracy and completeness of information and processing methods
Availability—ensuring that authorized users have access to information and associated assets when required
Security properly starts with a comprehensive policy statement that:
Demonstrates clearly management’s support and commitment to security
Defines the principal security components important to the organization
Describes the general approach for meeting security objectives
After the policy statement is prepared, procedures, guidelines, and other supporting administrative controls are typically defined to support the policy. Finally, technical controls are designed and implemented to support the administrative controls.
The system provides multiple types and levels of security and internal controls, which are described in this chapter. This chapter also includes several checklists to use as starting points in planning and implementing a comprehensive security plan to meet the specific security requirements of your environment. See Security Planning Checklists for details.
The specific level of security control an organization should implement is a function of the underlying information security requirements. Those requirements originate:
Externally, including regulatory, legal, and legislative requirements
Internally, based on the value of information assets, associated risks to those assets, and available controls that can eliminate or mitigate exposures to an acceptable level
Much of the security control in the system is designed to support external requirements, including numerous controls to support customers who are concerned with meeting the security requirements of legislation and regulations such as the Sarbanes-Oxley Act and Food and Drug Administration 21 CFR Part 11.