With the launch of TimeControl 7, we are gradually working through updating the vast array of TimeControl resource that are available online. This week saw a rewrite of the TimeControl On-Premise Security Architecture white paper which is now available on the TimeControl.com website. Rewriting such material gets everyone thinking about the subject matter so security turns out to be one of our most popular internal conversations this week.
To be fair, security has been a topic of conversation for the TimeControl developers since long before the first version of TimeControl was released. The first ever timesheet that HMS created was 10 years before TimeControl. Our client, Philips Information Systems in Canada needed a timesheet that would integrate with both the Payroll system and the Project Scheduling system. Security was a huge element of the design as the data for Payroll was, of course, very sensitive and the costing information in the project system was information that would have been terribly damaging to the company if it fell into the hands of competitors.
That original HMS timesheet was very secure for its time and there are elements of that design that live in TimeControl still. But times have changed and the threat of data and systems compromise has become ever more sophisticated each year since that first timesheet system.
While the TimeControl On-Premise Security Architecture reveals many of the elements of the TimeControl deign that lend themselves to a safe and secure system, it is primarily a document that lets prospective clients review TimeControl against their own security standards. Yes, we use the latest in many technology designers in TimeControl and we test against the OWASP standards (owasp.org) looking for potential threats and ensuring we protect against them but there are risks that you can implement at that are beyond the security architecture we designed for TimeControl. Here are a couple of basic tips you can think about regardless of your size:
- Have a security plan for your key systems and data and choose someone to be accountable for it.
- Authentication is key. How do people authenticate to your network, to your applications and even to your building.
- Outward facing or inward? Does TimeControl need to be accessible to the Internet or will it serve your purposes just as well being available only within the corporate firewall? Inward implementations aren’t as easily accessible and that can mean they’re safer.
- Don’t forget physical security. If someone can get physical access to the servers, they can get access to your systems.
- Monitor. Make sure you take advantage of the many technologies available to monitor unauthorized access or out of pattern use of your applications, your data and your network.
- Functional and Data restrictions. In TimeControl, User Profiles determine what users can see which data and which users can use or perform which functions. Think about who needs access and don’t be scared to start with less access and later ease up on your restrictions.
- Disaster Recovery. Make a plan for your data and systems being compromised and how you’ll recover from it. Then do an actual practice to make sure your plan works. Iterative and redundant backups and a plan for restoring them is something that makes security officers sleep better.
This is not a comprehensive list of course. There are many aspects to a complete security plan that are better explained by specialists in that field. We’ve been talking about TimeControl for an On-Premise implementation. Next month as we upgrade TimeControl Online to version 7 we’ll be updating our Security Architecture white paper for TC Online and we’ll be sure to talk about that here in the blog.
You can find the TimeControl 7 On-Premise Security White paper at: TimeControl.com/resources/whitepapers
Years ago with the release of TimeControl 6, we moved from a Windows-based ActiveX timesheet to a multi-device, multi-browser version. It was an essential move. The world is no longer all PC/Internet Explorer-based. So TimeControl 6 was a complete rewrite of much of TimeControl. But in making the TimeControl timesheet work on tablets, SmartPhones and browsers like Chrome, Safari and Firefox meant a change. In order to be able to evaluate the content of each timesheet cell and do all the validations that TimeControl is known and selected for, we had to move to a one-line-at-a-time edit. For new users, this was just fine but some users of the Windows-based interface felt that editing each line at a time was slower than they were used to.
In TimeControl 7, technology caught up to us in a way that we can bring back something old that’s new again. The technology built into the multi-device, multi-browser TimeControl timesheet now allows us to be both performant and functional and to allow all lines to be edited at once. For users who enjoy the efficiency of pre-loading, this will be a welcome change. Each timesheet with multiple lines has all lines editable at the same time. Users can just click on any cell and they are instantly editing that cell. Just like TimeControl has always done, when the focus of editing moves off of a cell, TimeControl evaluates that line and warns the user if there are any issues with that cell or conditions other data on the timesheet as required. So cascading user defined fields and resource filters are all in place just as they always have been.
Multi-line edit isn’t the only change in the timesheet. The new Options screen allows a number of new selections. For example, users can now decide if they wish to word-wrap header rows. This allows dates and the day of the week to be displayed on two lines but also allows the field to be narrow. Each column can also be defined to be word-wrapped. If you have longer project descriptions or charge descriptions, just click on wrapping that column. You can also define which fields on the left of the screen will be frozen in place in case you scroll to the right. This is particularly important if you have defined longer timesheet periods. If you have monthly periods for example, you’ll certainly want to freeze the project/charge descriptions on the left to be able to fill in columns far to the right!
All the other timesheet functions are still there but many have been enhanced. Attachments can still be made at the timesheet level or the expense line item level so if you have receipts to photograph or scan, they can be attached here. There is a new Views tab that will be of more interest to administrative users who have to check timesheets with a large number of lines. The Views function works much like the Drill Down Analyzer, allowing the user to drag and drop timesheet columns to see data summarized and grouped by each field selected.
We think you’ll like the new multi-line timesheet. It will form the core of this wave of TimeControl for the foreseeable future.
HMS is in Minneapolis/St-Paul this week where we are the gold sponsors of the Minnesota PMI’s Professional Development Days event. HMS Software’s President, Chris Vandersluis will be speaking on two topics and HMS will have a booth to show off the latest version of TimeControl. The Symposium part of the week is Thursday September 15th and we’ll be auctioning off a big screen TV to one lucky attendee. Stop by the booth and speak to us about TimeControl 7 and how it might help solve your timesheet challenges.
If you’re going to the Professional Development Days, please make a point of saying hello.
To find out more about the Minneapolis PMI’s Professional Development days, go to: www.pmi-mn.org.
To find out more about TimeControl 7, visit: www.timecontrol.com/features/latest.
We are so excited to announce that we have released an exciting new version of TimeControl. TimeControl version 7 is a major upgrade to the product we launched the first version of over 20 years ago and we are sure it will be welcomed by both existing and new customers. There are over 40 major new features or enhanced features that you’ll be seeing as the new version is released. Here are only a few:
Multi-line edit timesheet
The TimeControl 7 timesheet has been completely rewritten to allow all cells in the timesheet to be edited simultaneously. In previous versions, a single line had to be edited at a time due to the many customizable validations that are tracked on each cell and each line. We have determined methods to accomplish the same thing while allowing all the lines to be changed at once. For those with timesheets that have a large numer of pre-loaded tasks, this will be a welcome change.
TimeControl 7 now allows you to view projects, tasks or assignments in graphical Gantt charge views. This gives users an easier perspective into data they have access to and to highlight potential assignment challenges in the coming days. The view is highly configurable and is accessed from either the Reporting tab or the MyAssignments tab of each user’s Options page.
TimeControl 7 introduces a brand new view into assignments with a calendar view. The view can include assignments and/or TimeRequests™ and can be access from either the reporting view or from right inside the TimeRequest Approval screen. Now a supervisor with multiple requests for vacations in a given period can quickly pop up a calendar to see them graphically displayed and can distinguish between draft, released for approval, approved and rejected requests by using different colors for each type.
There are more than 40 more exciting new and improved features in TimeControl 7 that we haven’t even listed here. For a more complete list, see the Latest TimeControl page on the website.
TimeControl 7 is available for download right now for clients who have an active support agreement at TimeControl.com/support/updates. If you are an existing TimeControl client and need to renew your support agreement, please email firstname.lastname@example.org.