Application Error

Unfortunately an unexpected error has occurred and the process could not continue. Please click here to return to the login page.

If this problem persists please contact the ELCAS helpdesk, providing details of the action that you were undertaking prior to the error, along with the error code 404.

Upload Document

Please locate the document that you wish to upload by clicking on the choose file button below:

ELCAS Portal Security Operating Procedures

Introduction

1.

This document constitutes the Security Operating Procedures (SyOPs) for the ELCAS Portal. They are issued by the ELCAS System Security Officer in accordance with Ministry of Defence (MOD) Departmental Security Regulations. All personnel using the ELCAS Portal are to read, understand and comply with these SyOPs and no departure from or amendment to them is permitted without authorisation from the Security Authority (MOD (Training, Education, Skills, Recruitment and Resettlement (TESRR)).

2.

Disciplinary action or legal action may be taken against individuals who breach or ignore these orders. Any incident that has, or is likely, to compromise the security of the ELCAS Portal is to be reported immediately to the ELCAS System Security Officer.

Contact Details
Telephone Number: 0845 3005179 (UK)
Telephone Number: 0044 191 442 8196 (Overseas)
Email: elcas@m-assessment.com

Scope

3.

The ELCAS Portal is a controlled area accessible only to authorised users and may be used for the mechanisms:

a.
Entitled individuals to register for a course.
b.
Learning Providers to upload details of their courses and attendance thereof, invoice for learning and provide necessary time bound documentation.
c.
Education Staff (ES) to view and approve claims, amend Service Personnel (SP)/Service Leavers (SLs) details and create member accounts.
d.
ELCAS staff to undertake administration.

Acceptable Use

4.

All ELCAS Portal Users are to comply with the MOD's Acceptable Use Policy. In summary Users are not to:

a.
Attempt to access areas where they are not authorised to access.
b.
Attempt to damage the system to prevent its use.
c.
Attempt to introduce software or hardware of any type without consent from the Security Authority (MOD (TESRR)).
d.
Make unauthorised modifications to the system or the information hosted on it.

Roles and Responsibilities

5.

The roles and responsibilities of the ELCAS Portal are detailed below:

a.
ELCAS Users:
(1)
Responsible for ensuring their details are up to date (certain aspects can only be updated by their ES or Single Service Representatives (SSRs)).
(2)
Raising claims for approval.
(3)
Complete evaluation returns for prior claims.
(4)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
b.
Learning Providers:
(1)
Responsible for maintaining their own details.
(2)
Maintain course details and fees and associated attendance statistics.
(3)
Ensure all mandatory date bound documents are uploaded in a timely fashion.
(4)
Invoice for learning within agreed timeframes.
(5)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
c.
Education Staff:
(1)
Responsible for maintaining their own details.
(2)
Ensuring the details of SP are kept up to date.
(3)
Issue Claimant Members area accounts.
(4)
Ensuring their Delegation of Authority is maintained.
(5)
Approve/Cancel/Request Amends to claims.
(6)
Report any suspicious activity to Security Authority (MOD (TESRR)) via their SSR.
d.
Single Service Representatives:
(1)
Responsible for maintaining their own details.
(2)
Ensuring the details of SP are kept up to date.
(3)
Issue Claimant Members area accounts.
(4)
Ensuring their Delegation of Authority is maintained.
(5)
Approve/Cancel/Request Amends to claims.
(6)
Report any suspicious activity to Security Authority (MOD (TESRR)).
e.
ELCAS Administration Staff:
(1)
Act as support & Administration.
(2)
Maintain user accounts.
(3)
Maintain website and any back-end systems.

Account Creation and Password Controls

6.

Approved Learning Provider Accounts are created by ELCAS Administration Staff.

7.

ES/SSR and MOD Official accounts are created by ELCAS Administration Staff.

8.

Claimant Accounts are issued by Authorised ES.

9.

Passwords are not to be shared with anyone or written down anywhere under any circumstances.

10.

Users must not access the ELCAS Portal using another user's login details.

11.

Passwords must:
  • Be a minimum of 8 characters in length
  • Contain characters from at least three of the following: upper case, lower case, numbers, special characters
  • NOT contain the following special characters: SPACE & ' ( ) , / : ; < > @ [ \ ] ¬ { | } £ ¦

12.

Password resets are initiated by the user from the logon screen using the "password reset" button.

Delegating Access

13.

Access may be delegated to another appropriate user in order to enable continuity during periods of extended absence in line with the approved process.

Monitoring/Auditing

14.

Use of the ELCAS Portal may be subject to monitoring. Users are advised that system logs can be checked on a regular basis in order to detect unauthorised or suspicious system and security events.

15.

ELCAS administrators have the right to gain access to user accounts in case of an emergency or a legitimate legal/business requirement. A detailed request is to be provided by the requestor of exactly what they are requesting access to and for what purpose. This must be recorded for audit purposes. Once the access is granted the extraction of information must be carried out within legal guidelines and a 2 man rule must be followed 2/3. Dependant on the circumstances, all reasonable attempts will be made to inform the ELCAS user of the request to access their account. Access to their account is to be conducted by the delegated authority given by the system owner.

16.

Anyone suspected of breaching the Acceptable Use Policy or detected misusing their privileges through monitoring may have their account suspended. They may additionally be subject to disciplinary or even legal action 3.

1 Telecommunications (Lawful Business Practice Regulations) (Interception of Communications) Regulations 2000
2 Data Protection Act 2018
3 https://www.gov.uk/government/publications/acceptable-use-policy-jsp-740

Hide