Employee Expense and Reimbursement System. Stuart Mackie. Computing 2004
Employee Expense and Reimbursement System
Stuart Mackie
Computing 2004

The candidate confirms that the work submitted is their own and the appropriate credit has been given where reference has been made to the work of others. I understand that failure to attribute material which is obtained from another source may be considered as plagiarism.

Stuart Mackie
Summary

Cooper Cameron (U.K.) Limited is located in Leeds and is a subsidiary of Cooper Cameron Corporation, a U.S. company. The Company utilises high technology business solutions including SAP R/3 and a full range of Microsoft, manufacturing and engineering dedicated software.

The project addresses employee expense reports, which are currently prepared and submitted for processing on paper, a process that is cumbersome and inefficient. The objective is to provide a web-based system to facilitate the submission of expense reports on a weekly basis, which will form the basis of making data available for departmental costs, financial related transactions and reimbursement to employees. The system will be a satellite system to the existing SAP R/3, with bridging being executed by the Company's I.T. department.

This report documents the process encompassing the initial study, design, implementation and final system evaluation.
Acknowledgements

I would like to give acknowledgement to the undernoted for their time, advice and support given throughout this project:

Leeds University Computing Department
- Stuart Roberts
- Sarah Fores

Cooper Cameron (U.K.) Limited
- Jim McPhail (Director of Information Services)
- Alex Woolley (Accounts Payable Manager)
- I.T. Department Staff
- H.R. Department Staff
- Accounts Payable Staff
Contents

1. Introduction
   1.1 The Company
   1.2 The Project
   1.3 Background Research
   1.4 Project Schedule
2. Objectives
   2.1 Main Objectives
   2.2 Minimum Requirements
   2.3 Additional Requirements
3. Analysis
   3.1 Requirements Gathering
       The Current System
       Interviews
       Existing Solutions
   3.2 User Requirements
       Essential User Requirements
       Enhanced User Requirements
   3.3 Chosen Methodology
   3.4 Chosen Technology
4. Design
   4.1 Database Design
       Entity Relation Diagram
       Database Entities and Attributes
       Database Constraints
       Database Normalisation
   4.2 System User Types
   4.3 User Interface Design
   4.4 Coding Style
   4.5 Existing System Integration
   4.6 Security
5. Implementation
   5.1 Database Implementation
   Interface Implementation
   Backup
6. Testing
   Methods of Testing
   System Testing
7. Evaluation
   7.1 System Requirements
   Methodology
   Implementation and Testing
   Conclusion
   Future Enhancements
   System Testing
Bibliography
Appendixes
   Appendix A Personal Reflection
   Appendix B Initial Project Schedule
   Appendix C Revised Project Schedule
   Appendix D Entity Relationship Diagram
   Appendix E Database Schema
   Appendix F ASP Code Extract
   Appendix G Sample Test Plan
   Appendix H Current Company Paper Expense Report
1. Introduction

1.1 The Company

Cooper Cameron Corporation, a U.S.A. company, is a leading international manufacturer of oil and gas pressure control equipment, including valves, wellheads, controls, chokes, blowout preventers and assembled systems for oil and gas drilling, production and transmission, used in onshore, offshore and sub-sea applications. Cooper Cameron Corporation also provides aftermarket parts and service to the energy industry worldwide.

Cooper Cameron (U.K.) Limited has a major manufacturing operation in Leeds and an aftermarket facility in Aberdeen, with the legal entity being a fully owned subsidiary of Cooper Cameron Corporation. The U.K. subsidiary has over 1000 employees based in the U.K. and their operations support Customer projects on a worldwide basis.

1.2 The Project

The aim of this project is to develop an Employee Expense and Reimbursement System for Cooper Cameron (U.K.) Limited (Cameron). The Company has in place a paper-based system and has conducted some basic research into new solutions. For a number of reasons they have not found any satisfactory solutions and have been considering a custom solution at a later date that will interface with the current SAP R/3 system they use.

The project will involve requirements analysis for, and development of, an appropriate solution to allow employees in the Company to submit expense reports electronically, instead of the current process which is done on a paper template either through Excel or handwritten. The electronic expense report system would take into account the procedures currently in operation by the Company as well as produce a more modern, technologically advanced system, making the process more efficient for all involved.

All employees of Cameron use the same paper system, and administrative employees are required at various stages through the process to handle the paperwork and enter the data from the employee expense report documents into an electronic format.
Due to the nature and size of the Company, the initial application for the system would encompass all locations under the U.K. Legal Entity. In a future rollout, the system may be used by the Company at all locations across the world that utilise the SAP system.
1.3 Background Research

For this project to be successful and fulfil the system requirements, background research took place for strategic areas of the project. After initial consideration of the project problem, it was apparent that the following areas required research before being able to proceed:

- Data Protection
- Human Computer Interaction (HCI)
- Database Design
- Software Testing

These areas were researched before continuing with the project. References to these research materials can be found in the Bibliography as well as referenced throughout the project. Rather than devote a chapter explaining my findings, where a reference has been used I have explained the information contained within the reference before considering how it affects the project.

1.4 Project Schedule

Due to the limited time available for this project, a schedule was produced early on in the development. My original schedule, as found in Appendix B, was acceptable to work to until January. Unfortunately, due to additional pressures, the schedule was not appropriate for work targeted to be completed after January 2004 leading up to the submission date. Subsequently the Project Schedule was re-structured to accommodate an appropriate time frame for this period. The updated schedule can be found in Appendix C.
2. Objectives

2.1 Main Objectives

The main objective of this project is to produce an appropriate Expense, Reimbursement and Reporting system for Cooper Cameron to replace their existing paper-based system. The Company has investigated a number of existing solutions and has found them to be inadequate for their needs. They have since decided to have a custom solution produced which reduces the amount of time spent by the employee and by the company processing expense reports.

The new system should provide a smooth and intuitive progression from the old paper system layout and process to the new electronic version, with the added advantage of automating the accounting transactions from the electronic data. The current expense reports are manually transacted in SAP and the intention is to develop a system that the Cameron I.T. Department can interface with and process into the standard SAP application. The achievement of accurate expense report recording will automatically achieve significant efficiencies in the reimbursement process.

2.2 Minimum Requirements

For the system to fulfil the minimum expectations of users, the following minimum ("must have") requirements must be achieved:

- Investigate appropriate methodology for use in the development of this project.
- Document user and system requirements through contact with the Company, and examination and evaluation of their existing procedures.
- Investigate possible solutions and select the most appropriate.
- Implement full Back-End (databases) and initial Front-End (basic web interface) for the appropriate solution.
- Carry out planned technical testing and resolve any issues.
2.3 Additional Requirements

If time permits, or for future system development, the following items have been considered:

- Implement Final Front-End
- Deploy the system for use at Cooper Cameron (U.K.) Facilities.
- Carry out User Testing and make any necessary adjustments.
- Produce Appropriate Documentation for using the system
- Roll out the Expense System for World Wide use
3. Analysis

3.1 Requirements Gathering

The basis of any project is a good understanding of what the end product is targeted to achieve. In the case of this project three areas are available to help define these requirements: The Current System, Staff Interviews and Existing Solutions. These three areas are explained in more detail below. The information gained from each of these areas will then be compiled in a listing of User Requirements which the system will have to fulfil to be successful.

3.1.1 The Current System

The current paper-based system was closely examined, and notes were taken while watching staff members using the system. Various stages exist in the current system which were also examined, since they have a significant effect on the final version of an electronic replacement system. The major data elements in the current paper Expense Report document are listed below. A full copy of the current paper Expense Report can be found in Appendix H.

For Re-Imbursement to Employees
- Employee Name, Number, Location and Cost Centre
- Expense Report Period Week Ending dd/mm/yyyy
- Expense Report Submission Date
- Company Vehicle Registration & Mileage
- Employee Account No. (Vendor No.)
- Expense Type
- Expense Date Incurred
- Expense Amount (Gross)
- VAT Amount: Finance to Complete
- Expense Net of VAT: Finance to Complete
- Expense Account Code: Finance to Complete

Company Paid Expenses Not For Reimbursement (information only)
- Air Travel
- Rail Travel
- Car Hire
Other Details
- Cash Advance Details
- Currency Conversion Rates
- Date & Location and Business Purpose
- Signatory Details / Management Approvals
- Special Notes Exceptional Expense/Circumstances

3.1.2 Interviews

Meetings with a number of main members of staff involved with the system have been carried out. A number of areas were discussed, ranging from the existing paper-based system and its performance to any areas which they felt the current system failed to accommodate. Notes were taken during the meetings which were then reviewed to produce a listing of requirements.

3.1.3 Existing Solutions

There are a number of existing solutions available, from small scale companies to more sophisticated companies such as SAP. Cameron, as well as being heavily Microsoft orientated, also has strong links with SAP, and is currently running SAP R/3 (recently converted from SAP R/2) through the entire company.

When Cameron started investigating existing solutions they primarily started with SAP R/3. After receiving the information from SAP the company ruled out this option due to its poor interface and spiralling costs, which were in excess of 300,000 per office/plant with additional annual fees for maintenance support. Cameron currently do not utilise the SAP R/3 H.R. module, which is a prime requirement to implement the SAP Expense Report module. Effectively the current decision was to utilise a non-SAP application with a bridging interface to SAP R/3.

The problem found with most other available systems is either additional features which interfere with the main features needed by Cameron, or the system is too basic and does not fulfil the Company's requirements.

Unfortunately, due to the costs and implementations of the existing solutions available, I have been unable to get any hands-on testing with available software to be able to discuss the positive/negative attributes of the applications.
Cameron advised me that they should be able to make available for review the system profile of the SAP Expense and Reporting package. However, this was not achieved due to the Company's decision not to purchase this module.
3.2 User Requirements

After reviewing the above three areas, it has been possible to produce a listing of Requirements which this project has to target. These requirements have been split into two sections, Essential and Enhanced.

The Essential Requirements are those which the system will have to fulfil to be successful, otherwise the project will fall short of the User and Company expectations.

The Enhanced Requirements are those which may provide extended use for the User and the Company. These Requirements are not mandatory and could be included in the system at a later date after the completion of the Project, or built into the project during development if time permits.

3.2.1 Essential User Requirements

Taking into account the previous analysis data extract, the following essential requirements were derived:

- A web interface should be designed to allow employees to have access to the system.
- The system should store expense report data for at least 14 months, before moving it to an archive.
- Employees should be able to submit expenses to the system, which will be compiled on a weekly basis.
- The system must handle foreign currencies.
- The system should complete all Tax, VAT and other mathematical calculations required for the Company and the User.
- The system where possible should provide a list of selectable items to accommodate any restrictions on Expense types (i.e. disallowable expenses for un-receipted claims above 5.00 per item, baby sitters, spouse travel unless approved in advance, inappropriate entertainment, travel upgrades unless approved in advance, expenses paid on another employee's behalf, and office equipment which should be purchased on approved company Purchase Orders, etc.).
- Security should be accommodated to make sure the system complies with the Data Protection Act (1998). Under the Data Protection Act the Company has an obligation to ensure records are company confidential. Expense Reports may include legitimate approved expenses that must not be divulged.
  Examples would include Medical, Education, Qualifications and Personal Information.
- Users should only be able to view their own expense reports.
- Employees who will be administering the expense report system should have higher privileges, and control over settings used by the system.
3.2.2 Enhanced User Requirements

- Options to store user preferences should be provided. These options include preferred currency, car registration and personalised Expense categories.
- Scanners should be integrated into the system to allow receipts to be electronically stored.

3.3 Chosen Methodology

There are a number of main methodologies which could be considered for use with this project. These include the Waterfall Model, Spiral Model (as used as part of the Structured Systems Analysis and Design Methodology) and UML. Due to the restricted nature of this project, both in size and time, I do not feel it appropriate to adhere to a strict pre-defined Methodology but hope to take on board areas of some methodologies which are more appropriate to this type of project.

Since this is a customised project specific to Cameron in an area which the company has not developed for a number of years, it is likely that alterations will be required at various stages throughout the lifecycle to the design and implementation. The Waterfall Model does not accommodate this, and modified versions of the Waterfall Model which do support changes to the specifications during development are still very restrictive due to the nature of the Waterfall Design.

To accommodate the requirements of this project, as well as the ability to make changes during the development process, I will be using an Iterative approach. Iteration is one of the main features of the Spiral Model and I plan on following the principles of this Model during this project.

UML is another methodology which I hope to use, although not in its full context. For this Project, certain parts of UML will be beneficial, in particular in a diagrammatical context in which UML can be used to demonstrate the development of the system to the client, as well as provide a structured view for areas of development.

3.4 Chosen Technology

Cameron is a large International company which is heavily reliant on computer technology.
They are heavily dependent on Microsoft technologies and after speaking with their main support departments this will have to be taken into account when choosing appropriate Technologies. This project will primarily require a web server, appropriate server side language and a database server. The company has informed me that their preference in these cases for all new software they use is Windows 2003 Server running Internet Information Services (IIS6.0) which will facilitate the use of Active Server Pages (ASP) for the server side scripting language. They have a number of database servers which again are running on Windows 2003 Server with SQL
Cameron is currently in the process of upgrading their systems World Wide. Subsequently the specifications for the chosen technology and systems which this software will run on have taken this into account. Although this project would run on Cameron's current system base, planning for the completion of their upgrades, which should be complete shortly, was deemed the best action.
4. Design

This section of the report aims to investigate the design criteria required for the software before moving on to implementation. The section is broken down into a number of main areas: database design, interface design, security and coding style.

4.1 Database Design

Through my analysis of the problem it was apparent that there was going to be a large number of database entries on a regular basis, and a significant amount of information has to be stored. The database design has to be efficient and accurate for use in the system for the immediate future, but also be as flexible as possible to allow future software development to be incorporated without compromising the design.

4.1.1 Entity Relationship Diagram

The first phase of the database design was to identify the central entities and relationships involved and represent them on an Entity Relationship Diagram (ERD). E-R Diagrams are beneficial because they do not contain any technical information, which means they can be shown to the Company. The Company can then comment on its validity, allowing for any areas which have been overlooked to be revealed early in the process. In terms of implementation of the final solution, E-R Diagrams ensure that all user requirements have been considered and included.

The diagram below is a high level abstraction of the entities in the problem, and does not contain any attributes for these entities. Appendix D contains an E-R Diagram taken at a lower level which uses the information shown in the diagram below, with the addition of the data in the next Section (Database Entities and Attributes). With the addition of these two Sections, the lower level diagram demonstrates the final database design required for use in this project.
[Figure: High Level E-R Diagram. Entities shown: Function Group, Cost Centre, User, System Group, Expense Report and Expense Item, linked by 1 and m cardinalities.]

The figure shows the relationship between the basic entities required for the database. The values 1 and m represent one and many respectively, for use in describing the relationship between two specific entities. For example, one user may have many Expense Reports, and one Expense Report may have many Expense Items.

The diagram was done at a high level so that no detailed entities were drawn, and the diagram could be used to demonstrate the relationship between the various entities. The use of this low-detail diagram was particularly beneficial with non-technical members of the company, to check that in principle the main entities of their expense report system were included and nothing obvious was missing.
4.1.2 Database Entities and Attributes

Using the information gathered during investigation of the user requirements and the Entity Relationship Diagram produced in Section 4.1.1, it is possible to compile a list of Entities and their attributes required by the system to store real world data:

Entity | Attributes
Expense Report | Report ID, Claimant ID, Description, Cash Advance, Cash Advance Currency, Cash Advance Currency Rate, Submission Date, Approval Date, Payment Date, Status
Expense Item | Item ID, Expense Report ID, Description, Expense Date, Amount, Currency, Exchange Rate, Receipt, Receipt Type, VAT Rate
User Accounts | User ID, Username, Password, Address, System Group, Employee ID, Cost Centre
Cost Centre | Cost Centre ID, Name, Manager
Function Group | Function Group ID, Name, Parent

The above five entities will form the central core of the final Expense and Reporting System database. A final database scheme can be found in Appendix E. The final database scheme will take into account the following sections, which include Database Constraints and Database Normalisation. Subsequently the final database scheme may have a different structure to the Entity and Attribute list above, as well as include additional entities and attributes which are specific to the system. The reason for this is that the above listing only covers the real world entities and attributes, whereas the database will also have to accommodate the system side equivalents. Similarly, it is likely that database design changes will take place during Normalisation.
4.1.3 Database Constraints

When storing data in a database it is important that the type of data entered/stored is of the expected type. Database Constraints suggested by Elmasri & Navathe (1999) are documented below:

- Key Constraints: Attributes can be used to identify a record uniquely. There are different types of Key Constraints which can be used, but if an attribute is made a Primary Key it means that the value of that particular attribute can only appear once. The one value then represents the whole record uniquely from all records.
- Domain Constraints: Each attribute in a database must be of a particular data type such as an Integer or a String. Domain Constraints allow a data type to be set for attributes. Only data which matches this data type is then allowed to be entered for a particular attribute.
- Entity and Referential Integrity: Referential Integrity guarantees that a foreign key matches with a primary key from another relation. Entity Integrity ensures that a primary key is not null.
- Functional Dependencies: A Functional Dependency is where an attribute in one database is dependent on an attribute in another database. A real world example of a functional dependency would be the name of a person and their National Security number. In this case the person's name is functionally dependent on their National Security number.

4.1.4 Database Normalisation

Database Normalisation is a vital part of database design. Normalisation is the process of comparing a database scheme based on its functional dependencies and primary keys against a set of conditions. As described by Elmasri & Navathe (2000) and Roberts (2002), the following advantages can be gained if database normalisation is carried out:

- The process of normalisation connects tables together for referential integrity. Without referential integrity, it is possible to have data in one table which should pair/match with data in another table but doesn't. An example of this would be a car dealership ordering a car.
  A customer should be paired with a car if they have ordered it, but if referential integrity is not maintained it would be possible for the system to store a car order with no link to a customer.
- In a database system, poor design can result in data redundancy. This is where data is stored multiple times unnecessarily. Data redundancy can produce inconsistency and makes maintaining a database very difficult. As part of Normalisation, data redundancy is removed, and if done correctly causes any tables with redundancy to be removed. This is done through the use of primary and foreign keys.
- Normalisation makes use of primary keys at its various levels. An advantage of using primary keys is the indexing it then allows the DBMS to provide. Primary keys are attributes which can only exist once in a table, which makes each entry unique. Indexing can therefore be done using these keys, which results in greater performance for almost all database activities such as updating or deleting entries.

Normal Form is a progressive set of conditions, with First Normal Form (1NF) being the least strict through to Fifth Normal Form (5NF) being the most strict. Fourth and Fifth Normal Form are rarely used, and there is an additional Normal Form called Boyce-Codd Normal Form (BCNF) which is the equivalent of 3NF with a minor change. Below are explanations of the criteria for each type of Normal Form.

First Normal Form (1NF)
For a database to be in First Normal Form all values in a table must be atomic and there must be no multi-valued attributes.

Second Normal Form (2NF)
For a database to be in Second Normal Form it must be in 1NF and all non-key attributes must fully depend on the key. To resolve any attributes which are not fully dependent on the key, these attributes are normally split from the table and moved to another.

Third Normal Form (3NF)
For a database to be in Third Normal Form, it must be in 2NF and must not contain any transitive dependencies. An attribute is transitively dependent if it depends on another attribute which is dependent on a key.
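The key, domain and referential integrity constraints from Section 4.1.3, applied to three of the entities listed in Section 4.1.2. This is an added example, not the project's schema from Appendix E: it uses Python's sqlite3 with an in-memory SQLite database as a stand-in for the SQL Server back end, and the table names, column names, status values and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Table and column names are assumptions based on the attribute list in
# Section 4.1.2; SQLite stands in for the SQL Server back end.
SCHEMA = """
CREATE TABLE user_account (
    user_id  INTEGER PRIMARY KEY,                   -- key constraint
    username TEXT NOT NULL UNIQUE
);
CREATE TABLE expense_report (
    report_id   INTEGER PRIMARY KEY,
    claimant_id INTEGER NOT NULL
                REFERENCES user_account(user_id),   -- referential integrity
    status      TEXT NOT NULL DEFAULT 'draft'       -- domain constraint
                CHECK (status IN ('draft', 'submitted', 'authorised',
                                  'released', 'rejected'))
);
CREATE TABLE expense_item (
    item_id     INTEGER PRIMARY KEY,
    report_id   INTEGER NOT NULL REFERENCES expense_report(report_id),
    description TEXT NOT NULL,
    amount      NUMERIC NOT NULL
                CHECK (typeof(amount) IN ('integer', 'real') AND amount > 0),
    currency    TEXT NOT NULL CHECK (length(currency) = 3)
);
"""


def open_db():
    """Create the in-memory database with foreign-key enforcement enabled."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores REFERENCES clauses unless this is set on each connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def attempt(conn, sql, params=()):
    """Run one statement in its own transaction and report the outcome."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return "rejected: " + str(exc)


def demo():
    """Exercise each constraint with constructed sample rows."""
    conn = open_db()
    new_user = "INSERT INTO user_account (user_id, username) VALUES (?, ?)"
    new_report = ("INSERT INTO expense_report (report_id, claimant_id) "
                  "VALUES (?, ?)")
    new_item = "INSERT INTO expense_item VALUES (?, ?, ?, ?, ?)"
    return {
        "user": attempt(conn, new_user, (1, "asmith")),
        # Same primary key again: the key constraint refuses it.
        "duplicate_key": attempt(conn, new_user, (1, "bjones")),
        "report": attempt(conn, new_report, (10, 1)),
        # Claimant 99 does not exist: a report with no owner is refused.
        "orphan_report": attempt(conn, new_report, (11, 99)),
        "item": attempt(conn, new_item, (100, 10, "Rail fare", 42.50, "GBP")),
        # Report 999 does not exist: an item with no report is refused.
        "orphan_item": attempt(conn, new_item, (101, 999, "Taxi", 18.0, "GBP")),
        # Text where a number is expected: the domain constraint refuses it.
        "bad_amount": attempt(conn, new_item,
                              (102, 10, "Hotel", "twelve", "GBP")),
        "bad_status": attempt(
            conn, "UPDATE expense_report SET status = ? WHERE report_id = ?",
            ("approved", 10)),
        # Removing a user who still owns a report would orphan the report.
        "delete_claimant": attempt(
            conn, "DELETE FROM user_account WHERE user_id = ?", (1,)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

Because the rules live in the schema, they hold for every client of the database, including the bridging code that feeds SAP R/3, not only for the web interface.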
Boyce-Codd Normal Form (BCNF)
Boyce-Codd Normal Form is very similar to, but slightly stricter than, 3NF. A database is in BCNF if every determinant is a candidate key. A determinant is an attribute which has another attribute fully dependent on it.

In general a well designed database should comply with 3NF or BCNF, and most database designs aim to comply with 3NF or BCNF. This produces the best all round solution which avoids some of the major pitfalls such as data redundancy and missing referential integrity.

I have completed a number of modules covering database topics and have developed great personal interest in the subject area. I have found the more databases I develop the more natural I find designing these databases to comply with 3NF and BCNF. There have been certain rare circumstances where the design is better if it doesn't completely comply, but this is rare.

4.2 System User Types

The Expense and Reporting System will be used by a wide variety of employees at Cameron. The majority of these employees will be using the system to create expense reports, but a number of specialist users also have to be accommodated. These two initial additional user types are:

Functional Group Managers
Function Group managers will be the first level of Administration above a basic user. When a user submits a completed expense report, it will first be queued for authorisation by their manager. If the expense report is valid the manager can authorise it, which then queues it for final audit/processing by the Accounts Department. Although a manager is required to authorise a member of staff's expense report, they should not be allowed to make any changes. It is against Cameron's Company policy for a Manager to make any changes to an employee's expense report.
If there are anomalies, the expense report will not be approved.

Accounts Department Staff
Members of the Accounts Department staff carry out the final level of Authorisation of an expense report before the employee is reimbursed for their expenses. The Accounts Department will work through a similar process as a Manager in terms of authenticating the expense report, but with one major difference. Members of the Accounts Department are allowed to make changes to an employee's expense report should any simple errors be found. Serious errors/omissions will result in the expense report being rejected. The employee on accessing the system will see that the expense report has not been released for payment.

The requirement for User Types and subsequently different levels of user permissions has a significant effect on the design and implementation of the system. The two main areas which will have to accommodate this in their design will be Security, which is covered in Section 4.6, and the User Interface, which is covered in Section 4.3.

4.3 User Interface Design

The user interface for the system is paramount for it to be successful. The design of a graphical user interface (GUI) has to be considered carefully since there are a number of very important areas to consider to achieve an efficient and user friendly GUI. As explained by Ruddell (2002), the most important areas to consider for a user interface are:

- The GUI should have a consistent layout to allow users to quickly and easily become fluent with the system.
- Appropriate use of colours is vital. Colours should be chosen that highlight important areas, while making sure main bodies of text are readable.
- The system should automate tasks and data entry as much as possible, but avoid completing sections differently to the user's needs, creating additional work.
- Display appropriate and clear error messages to allow users to quickly understand and fix any mistakes.
- Page layout should be consistent and flowing.

Taking these important issues into account, the Expense & Reporting System interface will incorporate the following:

- The interface will have a consistent design throughout for all user types. The interface will include a two level menu system at the top, with the main content area underneath, and a shortcut menu bar at the bottom.
- The colour scheme for the system will be based around the colour scheme that the Company utilises. Matching colours will be used throughout the site for header and other important areas.
- The main body section will be a white background with black text, which is the most comfortable solution for a user's vision. The surrounding areas of content will be soothing to provide the user with a comfortable interface to use.
- The menu system will look very similar for all user types, but additional menu items will be visible for Administrative levels of staff compared to a basic user. The menu system will be available on every page within the site and provide access to all parts of the system.
- The system will automate data entry, such as expense item dates, where possible. Automated data entries will either be fixed or editable after they are inserted, depending on the particular data variable.
- The Company has a very up to date computer system. Although this is the case, it is still standard for web design to accommodate 800x600 resolution computers. Since many users are using the next resolution up (1024x768), a design which fills the screen using 800x600 will have a small ~100 pixel border down both sides, which will be incorporated into the design.
- The system shall accommodate three main error notification types. On submitting data into the system, any data entry errors will be displayed to the user via a popup error box. Errors related to data entry where the system believes the user has made an error will be displayed as an Advisory error to the user, but shall not affect the progress of the user in the system. Any System errors shall be caught and processed to allow for system maintenance and problem resolving. The user will not see this message, but instead be provided with an appropriate message indicating the position of the system. Fatal errors where the system is effectively offline should be avoided at all costs, and where practical the system should still function at a lower capacity to avoid user inconvenience.
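The permission rules from Section 4.2 (System User Types), together with the essential requirement that users may only view their own expense reports, expressed as one deny-by-default check. This is an added example and not code from the project, which is written in ASP: the class names, role names and status names are assumptions, the accounts and report are constructed sample data, and it further assumes that a manager may view the reports of their own staff and that Accounts staff may view every report.

```python
from dataclasses import dataclass, field
from typing import Optional


class Denied(Exception):
    """Raised when an actor may not perform an action on a report."""


@dataclass
class Account:
    user_id: int
    role: str                         # 'user', 'manager' or 'accounts'
    manager_id: Optional[int] = None  # Function Group manager of this user


@dataclass
class Report:
    report_id: int
    claimant_id: int
    status: str = "draft"
    items: dict = field(default_factory=dict)  # item_id -> amount


# action: (relationship required, status required, status afterwards)
WORKFLOW = {
    "submit":    ("claimant", "draft",      "submitted"),
    "authorise": ("manager",  "submitted",  "authorised"),
    "release":   ("accounts", "authorised", "released"),
    "reject":    ("accounts", "authorised", "rejected"),
}
# Who may change items, and at which stage. Managers are absent on purpose:
# they authorise a report but must never alter it.
EDIT_STAGE = {"claimant": "draft", "accounts": "authorised"}


def relationships(actor, claimant, report):
    """How the actor relates to this report; an empty set means no access."""
    found = set()
    if actor.user_id == report.claimant_id:
        found.add("claimant")
    if actor.role == "manager" and claimant.manager_id == actor.user_id:
        found.add("manager")
    if actor.role == "accounts":
        found.add("accounts")
    return found


def is_allowed(actor, claimant, report, action):
    """Deny by default: only the combinations listed above pass."""
    found = relationships(actor, claimant, report)
    if action == "view":
        return bool(found)
    if action == "edit":
        return any(EDIT_STAGE.get(r) == report.status for r in found)
    rule = WORKFLOW.get(action)
    return rule is not None and rule[0] in found and rule[1] == report.status


def perform(actor, claimant, report, action, item_id=None, amount=None):
    """Apply an action after the permission check, or raise Denied."""
    if not is_allowed(actor, claimant, report, action):
        raise Denied(f"user {actor.user_id} may not {action} "
                     f"report {report.report_id}")
    if action == "edit":
        report.items[item_id] = amount
    elif action in WORKFLOW:
        report.status = WORKFLOW[action][2]
    return report


def outcome(actor, claimant, report, action, **extra):
    """Helper for the demo: 'ok' or 'denied' instead of an exception."""
    try:
        perform(actor, claimant, report, action, **extra)
        return "ok"
    except Denied:
        return "denied"


def demo():
    """Constructed accounts and one report taken through the workflow."""
    claimant = Account(1, "user", manager_id=2)
    manager = Account(2, "manager")
    colleague = Account(3, "user", manager_id=2)
    other_manager = Account(4, "manager")
    accounts = Account(5, "accounts")
    report = Report(10, claimant_id=1, items={1: 42.50})
    steps = [
        (colleague, "view", {}),                  # not their report
        (claimant, "view", {}),
        (claimant, "submit", {}),
        (claimant, "edit", {"item_id": 1, "amount": 99.0}),  # after submit
        (other_manager, "authorise", {}),         # not the claimant's manager
        (manager, "edit", {"item_id": 1, "amount": 40.0}),   # managers never
        (accounts, "release", {}),                # not yet authorised
        (manager, "authorise", {}),
        (accounts, "edit", {"item_id": 1, "amount": 40.0}),  # simple error
        (accounts, "release", {}),
    ]
    log = [(a.user_id, act, outcome(a, claimant, report, act, **extra))
           for a, act, extra in steps]
    return report, log
```

The check runs on the server for every request; hiding a menu item from a basic user, as the interface design describes, does not by itself stop that user requesting the page directly.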
4.4 Coding Style

As with any software, continued development and future expansion is always present. Since this project is to produce software for use by a third party, it is likely that future development will be required by the writer, or possibly developed further internally by the company. To make it possible for the software to be easily developed at a later date, the structure of the coding has to have consistent formatting. This makes it possible for any experienced programmer to understand the methods used, and be able to quickly understand the code to continue development.

Although this project uses the programming language ASP, coding conventions apply to any language. As such I found the explanations of Wrox PHP Programming (2003) below most helpful:

- Variable names will be comprised of an initial letter or word which describes their type, e.g. s for string, i for integer. The initial letter will then be followed by a word which describes the relevance or originating source of the variable, e.g. a web form variable may be sform. Finally an appropriate term will be used to distinguish variables, e.g. the login web form may contain the variables sformusername and sformpassword.
- Function naming will use mixed case naming throughout to provide a consistent format. The names for functions will be such that their intention, and the context they can be used in, will be obvious to the reader. For example, a function for carrying out user authentication may be function getuserid {.}
- Although consistent function naming should provide a significant amount of information to a developer, it may not be obvious the nature in which the function can be used and the information required to use it. Subsequently it is important that functions and important areas of code are appropriately commented. A popular method of commenting functions is based on the JavaDoc commenting format, which will be used in this Project.
The format of this type of commenting is demonstrated below:

/**
 * @param string time to be set
 * @return boolean
 * @access private
 */
function setlogintime( dtsystime ) {
    return true;
}
4.5 Existing System Integration

Through my initial research and contact with Cameron there was a need to provide system integration in two areas.

The company is extensively reliant on Microsoft technologies for day to day client and server usage. They are currently still running NT Servers in a Domain Environment with Windows 2000 and XP Workstations. Their final testing period has just completed for a full rollout of Windows 2003 Servers with full Domain integration and Windows XP workstations. Consequently, to avoid creating a new login system with its own user database for the Expense & Reporting system, it is much more efficient to integrate the new system with Microsoft Active Directory. The Company requested that they be able to complete the integration with their new network since they would also be upgrading other custom software to achieve the same result. To achieve this I have produced login and authentication functions within the software which are used as their names suggest. The Company can integrate the Expense & Reporting System with their Active Directory rollout by modifying these functions to interact with and query Active Directory. Since the functions are well documented through the coding standards explained in 4.3, the Expense and Reporting system will not be affected as long as the changes made to the functions comply with the documented design of the functions. In particular the system expects to pass to the function certain pieces of data, and expects a particular reply. The end result of this integration will be a better streamlined use of the software for the user. Company employees will be able to access the system using their primary network logon credentials, removing the possibility of problems when users are required to use different credentials for each.
Although the company is reliant on Microsoft technology for the networking environment, they also have a similar level of reliance on SAP R/3 for many of their central software systems. With particular respect to the Expense & Reporting system, SAP R/3 is used for processing information between bank accounts, company transactions and employee salaries. The previous paper system required an administrative employee to transfer the Expense sheets into SAP R/3 manually. With the Expense & Reporting System each employee will enter the data for their own expenses, which will be stored in a central SQL Server database. The Company again wants to be able to gain access to this data to automate the payment process through SAP R/3. This particular need does not have a direct impact on the Expense & Reporting software, but well designed and accurate databases are required to support the payments as well. The Company has a number of SAP specialist staff who will write a bridging script to retrieve the data they require from the Expense and Reporting system databases and process it accordingly into SAP R/3 for further use. This is slightly inefficient since there will be a small quantity of data redundancy between SAP R/3 and the Expense and Reporting system, but SAP R/3 only requires a small number of database values per expense report, compared to the vast amount
of data stored in the developed Expense Report system. Consequently there is little concern over doing this, and the SAP R/3 integration can be viewed as a higher level summary of the expense reports stored within the new system.

4.6 Security

In the last few years Security in the Computing Industry has become a business in its own right. A number of companies and software developers have overlooked this area, subsequently leading to spurious vulnerabilities. As discussed by Efford (2004), one of the main reasons for these security problems in software was a view taken by many companies that the functionality of the software was the first priority, with security being added/patched on afterwards if required. Effectively security was a secondary consideration within software, and was seen as a bolt-on which was added to the software. Unfortunately with these development attitudes and practices, software does not provide the adequate levels of security and consistency required in today's high technology world.

Taking this into account, the only way to provide a system that is secure is to take account of these security problems during design rather than during implementation. This section of the report borders Design and Implementation due to the nature of Security. As such many implementation decisions will be made at the same time as designing security into the system, since it is not suitable to have one without the other.

Cameron is a large organisation with offices across the world. The Company takes security very seriously, and requires this system to include adequate protection. Due to the nature of this system there are a number of areas which are susceptible without consideration for effective security protection:

On completion of the Company's upgrade as discussed in section 4.4, the system integration will vet the users when they log on with their credentials to the Expense System, since the system queries an AD Domain Controller.
If the credentials are correct the user is allowed access to the system. The Company requires this and, when completing the integration, will take steps to secure the data transmission between the client and server. Since the programming language used for this project is a Microsoft Language, the language provides appropriate integration with other Microsoft technologies such as AD.
The system is highly dependent on Microsoft SQL Server to store the system data. If an error occurs when using the database, such as an invalid parameter being passed as part of a query, the system by default displays a detailed error message. These error messages can disclose a large amount of information about the server, but more importantly they would give an attacker information about specific databases and their tables which can then be abused in particular attacks. To secure against this vulnerability the system will detect error messages and provide a custom error message which will inform the user of a problem without disclosing any underlying data. A system administrator can then be informed of the problem and appropriate action can be taken.

A number of different user types will have access to the system, ranging from basic users who will be submitting their Expense Reports, to administrative members of the Finance Department who will authorise employee Expense Reports. Each user of the system will have a user level. When a user logs into the system, the system interface will be customised to allow access to areas granted to that particular user level, and additional areas only accessible to higher privileged users will be hidden. Although the interface displayed for a user is customised to their permission level, there is the possibility of a malicious user attempting to gain access to areas they are not authorised to access. The system will accommodate this by authenticating the user's rights for each webpage in the system. When a user requests any page, the system will compare the user's privileges with the required level for the page. If the user does not have the required privilege level the system will deny access to that page and inform the user appropriately.

Data entry into systems is another area which can be exploited by malicious users.
A number of vulnerabilities have been made public recently which allow a user to enter data into a web form which, when submitted, causes the server to carry out an action written by the user. To protect against this type of problem all user entered data will first be verified by the system as a correct data type for that question, i.e. an error will be presented to the user if they enter words in the form where numbers should have been used. User data will also be examined for malicious code to make sure the system is protected against any future software flaws made public which apply to the database server.

The System from a basic point of view has the user entering data through a web page which is then stored in a database. When the user enters their data into the web forms, the data has to
be transmitted across a network to the server to be processed. The standard way of transmitting this data uses the Hypertext Transfer Protocol (HTTP), which sends this data in plain text across the network. If no precautions were taken, the data could be monitored by a third party, allowing abuse through information disclosure or data modification. To protect against this the web interface will use Secure Sockets Layer (SSL) with Secure Hypertext Transfer Protocol (HTTPS). The process requires no alteration to the coding of the software because the transmitted data is encrypted separately on the client before transmission, and decrypted on the server when received.
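The per-page privilege check and the data-type verification described in section 4.6 can be sketched as follows. This is an added example, not code from the report: it uses Python in place of ASP, and the user levels, page names, field names and categories are all hypothetical.

```python
from datetime import date, datetime
from decimal import Decimal, InvalidOperation

# Hypothetical user levels and page map; the report does not list the real ones.
LEVEL_USER, LEVEL_MANAGER, LEVEL_ACCOUNTS = 1, 2, 3
PAGE_MIN_LEVEL = {
    "/summary.asp": LEVEL_USER,
    "/report_create.asp": LEVEL_USER,
    "/review_reports.asp": LEVEL_MANAGER,
    "/authorise_reports.asp": LEVEL_ACCOUNTS,
}
CATEGORIES = {"Travel", "Accommodation", "Meals"}  # constructed drop-down values


def authorise(session, page):
    """Check the caller's level against the page's required level on every request.

    Returns (allowed, http_status). Hiding a menu item is not a control, so the
    decision never depends on what the interface displayed.
    """
    if not session or "user_level" not in session:
        return False, 401  # no authenticated session
    required = PAGE_MIN_LEVEL.get(page)
    if required is None:
        return False, 403  # page not in the map: deny by default
    if session["user_level"] < required:
        return False, 403
    return True, 200


def _amount(raw):
    value = Decimal(raw.strip())  # raises InvalidOperation on non-numeric text
    if not value.is_finite() or value <= 0 or value.as_tuple().exponent < -2:
        raise ValueError("amount must be positive with at most two decimals")
    return value


def _expense_date(raw):
    parsed = datetime.strptime(raw.strip(), "%Y-%m-%d").date()
    if parsed > date.today():
        raise ValueError("expense date is in the future")
    return parsed


def _category(raw):
    if raw not in CATEGORIES:  # re-check the drop-down value on the server
        raise ValueError("unknown category")
    return raw


FIELD_PARSERS = {"amount": _amount, "expense_date": _expense_date, "category": _category}


def validate_expense_item(form):
    """Return (clean, errors); a field appears in exactly one of the two dicts."""
    clean, errors = {}, {}
    for name, parser in FIELD_PARSERS.items():
        raw = form.get(name)
        if not isinstance(raw, str) or not raw.strip() or len(raw) > 64:
            errors[name] = "missing or too long"
            continue
        try:
            clean[name] = parser(raw)
        except (ValueError, InvalidOperation):
            errors[name] = "not a valid " + name.replace("_", " ")
    for extra in sorted(set(form) - set(FIELD_PARSERS)):
        errors[extra] = "unexpected field"
    return clean, errors
```

Only the values in `clean` should be passed on to the database layer; anything in `errors` goes back to the user as a data entry error.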
5. Implementation

This section of the report shows how the design decisions made in Section 4 were used in the final implementation.

5.1 Database Implementation

In section 4.1 the design of the database was completed using the User Requirements and Entity-Relationship Diagrams, and was then processed using Database Normalisation. The database design described was then built in SQL Server to store the data for the system. Once the design was created in SQL Server there was no other work required specific to the database implementation.

Once the database was complete, work was then required to produce appropriate SQL Queries to be used by the interface. When a user views a page in the system, it is likely that the page will contain dynamic content which will be retrieved from the database. To retrieve this data the website uses the ASP scripting language, which connects to the server, executes the query and returns a result or data. An example query written for use in the system is a basic query which authenticates users when they first log in to the system:

SELECT u.screenname, u.pass, g.permission
FROM dbo.user_accounts u
JOIN dbo.system_group g ON u.user_system_group=g.id
WHERE u.screenname=[frmusername] AND u.pass=[frmpassword]

The above query will then return the result of the query, which can be used by the system. Since each user's username should be individual, if the user has entered a valid username, the query should only return 1 result.
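The login query above, run with bound parameters and with the custom error message from section 4.6, is sketched below. This is an added example, not the report's code: Python's sqlite3 stands in for ASP and SQL Server, the accounts are constructed, and `pass` is treated as an opaque stored value.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("expenses.auth")

LOGIN_SQL = """
SELECT u.screenname, g.permission
FROM dbo.user_accounts u
JOIN dbo.system_group g ON u.user_system_group = g.id
WHERE u.screenname = ? AND u.pass = ?
"""


def make_db():
    """In-memory stand-in for the report's tables, holding constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS dbo")  # lets the dbo.* names resolve
    conn.executescript("""
        CREATE TABLE dbo.system_group (id INTEGER PRIMARY KEY, permission INTEGER NOT NULL);
        CREATE TABLE dbo.user_accounts (
            screenname TEXT NOT NULL UNIQUE,
            pass TEXT NOT NULL,
            user_system_group INTEGER NOT NULL);
        INSERT INTO dbo.system_group VALUES (1, 1), (2, 3);
        INSERT INTO dbo.user_accounts VALUES
            ('o''brien', 'constructed-verifier-A', 1),
            ('smackie', 'constructed-verifier-B', 2);
    """)
    return conn


def login_parameterised(conn, username, password):
    # Form values travel as bound parameters and are never parsed as SQL.
    return conn.execute(LOGIN_SQL, (username, password)).fetchall()


def login_concatenated(conn, username, password):
    # 'Before' form: form values pasted into the SQL text itself.
    sql = LOGIN_SQL.replace("?", "'%s'") % (username, password)
    return conn.execute(sql).fetchall()


def handle_login(conn, query_fn, username, password):
    """Run a login query and return only what the user is allowed to see."""
    try:
        rows = query_fn(conn, username, password)
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        log.exception("login query failed ref=%s", ref)  # detail goes to the admin log only
        return {"ok": False, "permission": None,
                "message": "The system could not process your request (ref %s)." % ref}
    if len(rows) != 1:  # the query must return exactly one row to count as a login
        return {"ok": False, "permission": None,
                "message": "Invalid username or password."}
    return {"ok": True, "permission": rows[0][1], "message": "Welcome."}
```

A screen name containing an apostrophe logs in normally through `login_parameterised`, while the concatenated form turns the same input into a database error, which `handle_login` reduces to a reference number for the administrator.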
5.2 Interface Implementation

The interface for the Expense and Reporting System has been broken down into a number of areas to allow more detailed examination of the chosen design.

Main Design

[Figure Main Interface Design]

The screenshot above shows a general view of all the areas which will be covered in later sections. The design and colour scheme for the website is consistent throughout, and as seen on the screenshot the design accommodates all the design criteria specified in Section
Menu System

[Figure General User Menu System]

[Figure Managerial & Account User Menu System]

The General User Menu System (Figure 5.2.2) forms the basis for all user types that have access to the system. The menu is straightforward and intuitive for the user to use. The user first selects the topic area that they would like to access. A second menu is then displayed with selectable options dependent on their initial main menu choice. The user can then select which particular task they would like to carry out and is taken to the relevant area of the system.

The second menu screenshot (Figure 5.2.2) shows a very similar menu to that used by a General User, which is for use by Function Manager or Accounts Department staff. The difference between the menu systems is the additional options which allow these higher privilege staff to review general user expense reports for authorisation.

The custom menu system which is specific to each user type is vital for two reasons. Firstly, for ease of use it is important that users only have to choose from the menu options which they should have access to. The visibility of options not available to that user would cause confusion and waste a user's time. Secondly, from a security point of view, if users were shown a menu system with options not applicable to their user type, some users may be tempted to try to gain access to these areas of the system. Although security has been designed into the system which would block their access, there is nothing to gain by encouraging this type of behaviour. The visibility of these additional menu items would also disclose information about the system unnecessarily, again creating security implications.
Content Area (Including Use of Text Formatting)

[Figure Main Content Area & Text Formatting]

The figure above demonstrates the use of appropriate colours and space for the main content area. As per the design specifications the main content area uses primarily black text on a white background, but this does not have to mean the site design has to be white all over. The design incorporates a blended surround down either side of the content area and any other areas of the interface where the background can be seen. The reason for choosing this type of design was to make the interface more comfortable on the eyes for the user while still using the well tested black text with white background for the main content, which is known to be the best combination to make reading easier on the eyes.

The figure also contains an example of each font style used within the site. The implementation of the text within the site mainly uses the HTML commands <H1> through <H6> and <P> (normal paragraphed text), which are a specific set of HTML components for text. The advantage of using this approach is twofold. It is very easy when adding new pages to the system to use appropriate heading styles for areas of text if you know in advance what styles are available to you. Also, the use of these HTML commands integrates well with Accessibility Features provided in most Operating Systems
and Browsers. These Accessibility Features allow users to override these settings to accommodate particular disabilities. For example, although appropriate sizes and colours have been chosen for the text used on the interface, a disabled employee with an eye sight condition (e.g. colour blind) could adjust their Operating System Accessibility Options to override the <H1>-<H6>. This would then allow the rendered interface to make use of the user defined settings to accommodate the user's needs.

User Summary Data

[Figure User Summary Screen]

It is likely that users will log in regularly after submitting an expense report to get an update on its status. Since this is a task likely to be carried out often, an expense report summary was integrated into the main entry page of the system. This means that every time a user logs into the system they will have instant access to the status of their expenses.
Expense Report Creation

[Figure Expense Report Creation]

When a user creates an expense report they will use the interface as pictured in the figure above. The creation of an expense report requires the user to enter general information which is applicable to all the expense items added to the report. Some sections of the report, such as their Cost Centre number, are automatically filled in for the user and the system does not allow them to be edited. There are a number of different types of form entry boxes which the user is requested to complete. To reduce user error and decrease the time to enter the data, where possible the user is given a drop down list which is populated in advance. Form features such as drop down lists also assist in restricting the type of data the user enters. Once they have completed the form, the user selects Create at the bottom to create the report in the system.

Once the report is created in the system, the user is asked whether they would like to add expense items to the report. If they select yes they are taken to the Expense Item Creation screen, otherwise they are taken to their expense report summary page, which will now contain the new empty expense report, to which expense items can be added later. Additional control buttons are also given at the bottom of the report to allow the user to reset the form if they want to start again, or cancel the form if they no longer want to enter a report into the system.
More informationWHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
More informationExternal Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION
External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security
More informationPassword Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2
Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2 Last revised: November 12, 2014 Table of Contents Table of Contents... 2 I. Introduction... 4 A. ASP.NET Website... 4 B.
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationUnited States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)
for the United States Citizenship and Immigration Services (USCIS) June 22, 2007 Contact Point Harry Hopkins Office of Information Technology (OIT) (202) 272-8953 Reviewing Official Hugo Teufel III Chief
More informationMGC WebCommander Web Server Manager
MGC WebCommander Web Server Manager Installation and Configuration Guide Version 8.0 Copyright 2006 Polycom, Inc. All Rights Reserved Catalog No. DOC2138B Version 8.0 Proprietary and Confidential The information
More informationImplementing HIPAA Compliance with ScriptLogic
Implementing HIPAA Compliance with ScriptLogic A ScriptLogic Product Positioning Paper By Nick Cavalancia 1.800.424.9411 www.scriptlogic.com Table of Contents INTRODUCTION... 3 HIPAA BACKGROUND... 3 ADMINISTRATIVE
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationHELP DOCUMENTATION E-SSOM INSTALLATION GUIDE
HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationGuidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationEnd User Guide The guide for email/ftp account owner
End User Guide The guide for email/ftp account owner ServerDirector Version 3.7 Table Of Contents Introduction...1 Logging In...1 Logging Out...3 Installing SSL License...3 System Requirements...4 Navigating...4
More informationTHE BCS PROFESSIONAL EXAMINATIONS Diploma. April 2006 EXAMINERS REPORT. Systems Design
THE BCS PROFESSIONAL EXAMINATIONS Diploma April 2006 EXAMINERS REPORT Systems Design Question. a) Write a BRIEF explanation of the purpose of TWO of the following UML diagrams as used in Object- Oriented
More informationNovaBACKUP. Storage Server. NovaStor / May 2011
NovaBACKUP Storage Server NovaStor / May 2011 2011 NovaStor, all rights reserved. All trademarks are the property of their respective owners. Features and specifications are subject to change without notice.
More informationHow To Create A Database Driven Website On A Computer Or Server Without A Database (Iis) Or A Password (Ict) On A Server (Iip) Or Password (Web) On An Anonymous Guestbook (Iit) On Your
Information and Communication Technologies Division Security Notes on Active Server Pages (ASP) and MS-SQL Server Integration Prepared by: Contributor: Reviewed: Richard Grime Chris Roberts Tom Weil Version:
More informationRemote Access Platform. Architecture and Security Overview
Remote Access Platform Architecture and Security Overview NOTICE This document contains information about one or more ABB products and may include a description of or a reference to one or more standards
More informationSecure Data Transfer
Secure Data Transfer INSTRUCTIONS 3 Options to SECURELY TRANSMIT DATA 1. FTP 2. WinZip 3. Password Protection Version 2.0 Page 1 Table of Contents Acronyms & Abbreviations...1 Option 1: File Transfer Protocol
More informationManaging your Joomla! 3 Content Management System (CMS) Website Websites For Small Business
2015 Managing your Joomla! 3 Content Management System (CMS) Website Websites For Small Business This manual will take you through all the areas that you are likely to use in order to maintain, update
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationHow To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows)
Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,
More informationResPAK Internet Module
ResPAK Internet Module This document provides an overview of the ResPAK Internet Module which consists of the RNI Web Services application and the optional ASP.NET Reservations web site. The RNI Application
More informationServer Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access
More informationChapter 15 Basics of Functional Dependencies and Normalization for Relational Databases
Chapter 15 Basics of Functional Dependencies and Normalization for Relational Databases Copyright 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 15 Outline Informal Design Guidelines
More informationNational Fire Incident Reporting System (NFIRS 5.0) NFIRS Data Entry/Validation Tool Users Guide
National Fire Incident Reporting System (NFIRS 5.0) NFIRS Data Entry/Validation Tool Users Guide NFIRS 5.0 Software Version 5.3 Prepared for: Directorate of Preparedness and Response (FEMA) Prepared by:
More informationIntellect Platform - The Workflow Engine Basic HelpDesk Troubleticket System - A102
Intellect Platform - The Workflow Engine Basic HelpDesk Troubleticket System - A102 Interneer, Inc. Updated on 2/22/2012 Created by Erika Keresztyen Fahey 2 Workflow - A102 - Basic HelpDesk Ticketing System
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More information14.95 29.95. 3 Unlimited. Click4Assistance - Package Comparison. The Packages...
The Packages... Lite Low cost, entry level live chat software, available for small businesses with a single operator. This option allows unlimited chats, and offers a great range of button images and chat
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationKaseya 2. Installation guide. Version 7.0. English
Kaseya 2 Kaseya Server Setup Installation guide Version 7.0 English September 4, 2014 Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationAjera 7 Installation Guide
Ajera 7 Installation Guide Ajera 7 Installation Guide NOTICE This documentation and the Axium software programs may only be used in accordance with the accompanying Axium Software License and Services
More informationSystem to System Interface Guide
System to System Interface Guide Overview What does this guide cover? This guide describes the interface definition to firms intending to submit their TRS Product Sales Data (PSD) or Securities Trades
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More informationElectronic business conditions of use
Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users
More informationLICENSE4J LICENSE MANAGER USER GUIDE
LICENSE4J LICENSE MANAGER USER GUIDE VERSION 4.5.5 LICENSE4J www.license4j.com Table of Contents Getting Started... 4 Managing Products... 6 Create Product... 6 Edit Product... 7 Refresh, Delete Product...
More informationIntroduction to Endpoint Security
Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user
More information