Data Security

Data security is paramount in all of our systems and CASI has been designed to provide a secure repository for all of our client’s information.

Strict partitioning of data

The CASI database can be installed as a standalone instance on a dedicated server for your scheme, or you can host your information in one of our shared databases. Sharing a database with other schemes provides a cost effective solution for online hosting and doesn’t compromise your data security in any way.

All information saved in CASI is strictly partitioned by scheme and data provider. Access to retrieve or alter this information then requires the correct permissions. Permissions in CASI are held and maintained by two special objects called warrants and personas.

Warrants & Personas

Access to data requires a user account secured by a username and password. The account is then linked to data within the CASI database via a warrant and scheme specific persona object.

CASI Personas 

CASI has the following personas that describe the types of user who can access CASI services:

• Public - An unauthenticated or unlinked user who is accessing public CASI services or subscribing to basic services such as public email lists.
• Member - A member of the scheme who will usually have access to their own certification information and any additional scheme services for members.
• Buyer - An industry professional that is authorised to query the scheme database for the purposes of verifying the certification status of a scheme member.
• Certifier - An authorised user from a certification body or data provider that has access to the member information they certify and any additional certifier services offered by the scheme.
• Author - A user who has technical input into the standards that a scheme uses. They may have access to online editing tools or guidance libraries and literature for standard authoring.
• Scheme Manager - Nominated admin personnel that can access administrative tools and configure services for scheme members, buyers, authors and certifiers. 
• Scheme Administrator - Board and secretariat users that have access to management reports, scheme searches and other administration tools.

The warrant holds all of the permissions for a user to access data for a specific scheme or data provider. The persona describes what type of user you are; administrator, manager, certifier, author, buyer, or member. What users can do with data or services is governed by these personas. For example; members may be able to view a report on their own certification information, while registered buyers would be able to view certification information about all scheme members.