Security

Chameleon Software takes your data security extremely seriously and this is demonstrated by the app.

You must log in to the app every time you want to use it, with either your user name and password or a passcode.

There are a number of security features to prevent unauthorised access to your data.

Best practice

The simplest login method is to set up and use a passcode. This locks access to the app and hence to logging in.

To protect your data we recommend that you get in the habit of logging out of the app whenever you are not actively using it. It is very easy to re-enter your passcode.

If you close the app at any time, you have to log in again (via passcode or login credentials) when you return.

Thus, the app cannot run in the background, ready to resume at any time. This is a deliberate security measure to protect your data.

When you leave the app briefly, for example to text a case contact, you can return to the app without re-entering login details if you do so within the timeout interval (see Timeout below).

As a security measure 1234, 4321 and any digit used four time (e.g. 2222) cannot be used as passcodes.

If you forget your passcode you can enter a new one. However, you will be required to re-enter your username/password login(s). This protects against unauthorized access to your database.

if you want to change your passcode you must first enter the old one. This prevents someone changing the passcode of an unattended phone.

The timeout system ensures that if a case worker's mobile phone is lost or stolen and the app is open, unauthorised access to case files can be prevented.

The app logs the current user out after a defined amount of inactivity.

The timeout system setting is accessed in the web and Windows version of Case Manager.

This sets the number of minutes the mobile app can be open with no activity before it automatically logs the user out. Values between 2 and 1440 minutes (24 hours) can be entered.

If no value has been entered the default value of 5 minutes applies.

Once a timeout has occurred, the user is redirected to the login page with a message at the top: Session timed out. Please sign in again.

The maximum number times that you can enter the incorrect passcode is five. This feature protects against unauthorized access through trying to guess the passcode.

If you enter an incorrect passcode the number of remaining attempts is displayed.

After five failed attempts, the app clears all your previously stored username/password credentials to protect your data security.

The next step is to follow the process for a forgotten passcode, where you enter a new passcode and then re-enter your login credentials.