Article 32 mandates that data controllers and processors should implement technical and organisational measures to ensure a level of security appropriate to the risk. That assessment should take into account the risks that are presented by data processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
These security measures should demonstrate compliance with an applicable code of conduct created in compliance with Article 40. Data controllers should ensure that anyone acting under the authority of the data controller will not use the data for any purpose except those mandated by the data controller.
PTP Accounts Production and Tax Expense data is stored in an SQL database. Whilst PTP uses SQL accounts to grant access to the SQL database, we do not create accounts per user.
Microsoft recommend using Windows authentication wherever possible. Windows authentication uses a series of encrypted messages to authenticate users in SQL Server. When SQL Server logins are used, SQL Server login names and passwords are passed across the network, which makes them less secure. PTP requires the use of mixed mode authentication, which will be configured upon initial installation.
Applying software updates is an important part of keeping your IT systems secure. Installing patches and updates when they are available, to ensure the secure configuration of systems, is one of the simplest ways of staying cyber secure. Data controllers should consider reviewing the Cyber Essentials Scheme, a UK Government backed scheme that sets a baseline of cyber security.
Controls include:
Patch management
Secure configuration
Boundary firewalls and internet gateways
Access controls and administrative privilege management
Malware protection
For further information please see https://www.cyberessentials.ncsc.gov.uk/.
By default, PTP software files are installed to C:\PTP\ although this directory can be changed during the installation. The files and applications in this folder should not be modified unless instructed by IRIS.
PTP also recommend that your system meets or exceeds the minimum software requirements to run PTP. Please review the system requirements page.
Computers on your network should all require staff to log in to them in order to gain authorised access to the systems and applications the practice uses. This provides the first layer of security. The PTP application provides a second layer of security by setting up logins for authorised access to PTP; see the Accessibility section for further information.
Access to PTP and any sensitive client data may be restricted in several ways:
User login required to access PTP Accounts Production – Only authorised logins are able to access Accounts Production. For more information see online help PTP General: Staff Maintenance
Enhanced security in Tax / CT Platform and Tax Expense provides a facility to restrict certain users from running parts of the system e.g. full access, restricted access, read only and no access.
Staff permissions are used to set permissions on the level of access the user has e.g. full access, restricted access, read only and no access. For more information see online help PTP General: Staff Group Permissions and PTP General: Permissions.
Staff privileges can be placed on the areas of the system each user has access to e.g. common privileges as well as privileges which are specific to each of the modules. For more information see online help PTP General: Staff Privileges.
Confidential client feature in Accounts Production allows the user to set a password on a client and thereby restrict staff access to the client to only those with the password. This feature can assist in restricting access to a client to ensure there is a block on processing activities within PTP if necessary. See KB IAS-1794: How to password protect a client.
Protect client feature in Tax / CT Platform allows the user to render the client invisible to all other users except the user protecting the client but also offers additional restriction to protect the client. A password protect feature is also available in Tax Expense.
The Data Protection Act changes have a particular focus on accountability and transparency. It is no longer sufficient to comply with the law; businesses must be able to demonstrate that they have done so with appropriate records and evidence.
There are several reasons that having a comprehensive audit trail is important. Within the Data Protection Act it states that data controllers will need to “be able to demonstrate compliance with the [principles relating to processing of personal data]”.
Clearly, without having a record of how the data has been handled, it will be almost impossible to demonstrate compliance. In addition, the new regulations stipulate that, if there is a data breach, it must be disclosed to the relevant authorities within 72 hours.
Without having a complete and up-to-date recorded audit trail of who has accessed what information, when it was accessed, how it was handled and so on, there is a risk of missing that deadline.
PTP has restricted audit trail functionality, and therefore any auditing must currently be achieved by hand, as data processors and controllers need to be able to show how and when the data was processed and be able to prove it.
There are many third-party auditing tools for SQL Server, however there are several levels of auditing that are also included in the different versions / editions of SQL Server:
Profile Trace – Available in all versions of SQL since SQL 2005 Standard Edition. SQL Server traces allow data controllers to capture information about all access to the database; this feature may be used as part of an auditing solution. It is more useful, however, for capturing instance security events (such as Logons and failed Logons) than for monitoring changes to individual data items.
For further information please see: https://docs.microsoft.com/en-us/sql/tools/sql-server-profiler/sql-server-profiler.
Extended Events – Introduced in SQL 2008, Extended Events were intended as an alternative lightweight replacement for Profile Trace. For further information please see: https://docs.microsoft.com/en-us/sql/relational-databases/extended-events/extended-events.
C2 Audit – Supported in all versions and editions of SQL Server up to 2017. For further information please see: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/c2-audit-mode-server-configuration-option.
SQL Server Audit – Available in SQL Server 2008 Enterprise edition, server level auditing came to Standard Edition in 2012 and all features are available in all editions from 2016 SP1. Auditing is implemented using Extended Events. For further information please see: https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-database-engine.
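As an added example (not part of the PTP documentation or IRIS tooling), the T-SQL below shows one way to use SQL Server Audit to record who logged on and which data was read or changed, then read the trail back. The audit names, the `X:\SqlAudit\` folder and the database name `PTP_Database_Placeholder` are placeholders chosen for illustration; the database audit specification needs an edition that supports database level auditing, as described above.

```sql
-- Added example: server and database level auditing with SQL Server Audit.
-- All object names and paths are placeholders, not PTP values.
USE master;
GO
-- Audit target: rollover files in a folder only administrators can read.
CREATE SERVER AUDIT [Example_Audit]
TO FILE (FILEPATH = N'X:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Instance security events: logons, failed logons, login changes.
CREATE SERVER AUDIT SPECIFICATION [Example_Logon_Audit]
FOR SERVER AUDIT [Example_Audit]
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP)
WITH (STATE = ON);
GO
ALTER SERVER AUDIT [Example_Audit] WITH (STATE = ON);
GO
USE [PTP_Database_Placeholder];
GO
-- Data access events for every principal in the database.
-- Auditing SELECT on a whole database is verbose; narrow to the
-- schemas or tables holding personal data once they are identified.
CREATE DATABASE AUDIT SPECIFICATION [Example_Data_Access_Audit]
FOR SERVER AUDIT [Example_Audit]
    ADD (SELECT, INSERT, UPDATE, DELETE
         ON DATABASE::[PTP_Database_Placeholder] BY [public])
WITH (STATE = ON);
GO
-- Read the trail back. event_time is recorded in UTC.
-- Where a shared SQL account is used, server_principal_name identifies
-- that shared login, not the individual member of staff.
SELECT event_time,
       action_id,
       succeeded,
       server_principal_name,
       database_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'X:\SqlAudit\Example_Audit*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```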
Please consult your IT / System Administrator to discuss your security requirements.