Unfortunately the system could not determine which system you wish to log in to. Please click on one of the tiles below to navigate to the login page for the desired system.
Please locate the document that you wish to upload by clicking on the choose file button below; to upload a file please note it must be less than 4MB in size.
Introduction
1.
This document constitutes the Security Operating Procedures (SyOPs) for the ELCAS Portal. They are issued by the ELCAS System Security Officer in accordance with Ministry of Defence (MOD) Departmental Security Regulations. All personnel using the ELCAS Portal are to read, understand and comply with these SyOPs and no departure from or amendment to them is permitted without authorisation from the Security Authority (MOD (Training, Education, Skills, Recruitment and Resettlement (TSLD)).
2.
Disciplinary action or legal action may be taken against individuals who breach or ignore these orders. Any incident that has, or is likely, to compromise the security of the ELCAS Portal is to be reported immediately to the ELCAS System Security Officer.
Contact Details
Telephone Number: 0330 056 4202 (UK)
Email: elcas@qiaservices.com
Scope
3.
The ELCAS Portal is a controlled area accessible only to authorised users and may be used for the mechanisms:
d.
ELCAS staff to undertake administration.
Acceptable Use
4.
All ELCAS Portal Users are to comply with the MOD's Acceptable Use Policy. In summary Users are not to:
d.
Make unauthorised modifications to the system or the information hosted on it.
Roles and Responsibilities
5.
The roles and responsibilities of the ELCAS Portal are detailed below:
a.
ELCAS Users:
(4)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
b.
Learning Providers:
(5)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
c.
Education Staff:
(3)
Issue Claimant Members area accounts.
(6)
Report any suspicious activity to Security Authority (MOD (TSLD)) via their SSR.
d.
Single Service Representatives:
Responsible for maintaining their own details.
(6)
Report any suspicious activity to Security Authority (MOD (TSLD)) via their SSR.
e.
ELCAS Administration Staff:
(3)
Maintain website and any back-end systems.
6.
Approved Learning Provider Accounts are created by ELCAS Administration Staff.
7.
ES/SSR and MOD Official accounts are created by ELCAS Administration Staff.
8.
Claimant Accounts are issued by Authorised ES.
9.
Passwords are not to be shared with anyone or written down anywhere under any circumstances.
10.
Users must not access the ELCAS Portal using another user's login details.
11.
Passwords must:
12.
Password resets are initiated by the user from the logon screen using the "password reset" button.
13.
Access may be delegated to another appropriate user in order to enable continuity during periods of extended absence in line with the approved process.
14.
Use of the ELCAS Portal may be subject to monitoring. Users are advised that system logs can be checked on a regular basis in order to detect unauthorised or suspicious system and security events.
15.
ELCAS administrators have the right to gain access to user accounts in case of an emergency or a legitimate legal/business requirement. A detailed request is to be provided by the requestor of exactly what they are requesting access to and for what purpose. This must be recorded for audit purposes. Once the access is granted the extraction of information must be carried out within legal guidelines and a 2 man rule must be followed 2/3. Dependant on the circumstances, all reasonable attempts will be made to inform the ELCAS user of the request to access their account. Access to their account is to be conducted by the delegated authority given by the system owner.
16.
Anyone suspected of breaching the Acceptable Use Policy or detected misusing their privileges through monitoring may have their account suspended. They may additionally be subject to disciplinary or even legal action 3.
1 Telecommunications (Lawful Business Practice Regulations) (Interception of Communications) Regulations 2000
2 Data Protection Act 2018
3 https://www.gov.uk/government/publications/acceptable-use-policy-jsp-740