Security at the forefront of your employee experiences

Richard Motteram - 6th May 2019

When running workshops for customers looking to implement HR Case Management, one of the topics that will always cause significant discussion and disagreement is around security. This is not simply security between the HR scoped application and the broader enterprise (ITSM, ITBM, SecOps etc) but security between Center of Excellences (COEs) and with HR for HR requirements.

 

Every customer is different, and this is certainly true when it comes to internal HR security specifically around employee relations and highly sensitive services such as disciplinaries. Due to the wide variety of requirements that we encounter, it is impossible to outline all the solutions to these individual business requirements.  I would like to outline a solution which we have presented and successfully implemented multiple times for various customers, both large and small, across a wide range industry verticals.

HR Case Stub Information

The default security model allows HR agent (those with sn_hr_core.basic) to access all cases across each COE.  Therefore, from a security point of view all HR Cases are treated the same:

This is often insufficient for internal HR departments and there are requirements to restrict HR employee relations cases from the rest of the COEs. However, the rest of the COEs should still know that a case exists should an employee contact them.  This results in a no-win situation: how can a HR agent see a case but not see a case?  The solution is that they can see only certain attributes of the case.  The stub case view, typical attributes include number, employee name, short description and HR Service.  This ensures that all confidential information remain hidden, even within HR departments that do not need to see this information.

So successful is this solution in its implementation, that customers often request to implement not just at COE level but also further into the Topic Category, Topic Detail and even HR Service level. 

For example - Only when the HR Service is Sexual Discrimination should the stub case be displayed to HR Agents who do not have the specialist training required to be assigned this type of case.

For more details on our bespoke security implementations and more detailed use cases feel free to contact us here.