Unfortunately an unexpected error has occurred and the process could not continue. Please click
here
to return to the login page.
If this problem persists please contact the ELCAS helpdesk, providing details of the action that you were undertaking
prior to the error, along with the error code 404.
Upload Document
Please locate the document that you wish to upload by clicking on the choose file button below:
ELCAS Portal Security Operating Procedures
Introduction
1.
This document constitutes the Security Operating Procedures (SyOPs) for the ELCAS Portal. They are issued by the
ELCAS System Security Officer in accordance with Ministry of Defence (MOD) Departmental
Security Regulations. All personnel using the ELCAS Portal are to read, understand and comply with these SyOPs and
no departure from or amendment to them is permitted without authorisation from the Security Authority
(MOD (Training, Education, Skills, Recruitment and Resettlement (TESRR)).
2.
Disciplinary action or legal action may be taken against individuals who breach or ignore these orders. Any incident that
has, or is likely, to compromise the security of the ELCAS Portal is to be reported immediately to the
ELCAS System Security Officer.
The ELCAS Portal is a controlled area accessible only to authorised users and may be used for the mechanisms:
a.
Entitled individuals to register for a course.
b.
Learning Providers to upload details of their courses and attendance thereof, invoice for learning and provide necessary
time bound documentation.
c.
Education Staff (ES) to view and approve claims, amend Service Personnel (SP)/Service Leavers (SLs) details and
create member accounts.
d.
ELCAS staff to undertake administration.
Acceptable Use
4.
All ELCAS Portal Users are to comply with the MOD's Acceptable Use Policy.
In summary Users are not to:
a.
Attempt to access areas where they are not authorised to access.
b.
Attempt to damage the system to prevent its use.
c.
Attempt to introduce software or hardware of any type without consent from the Security Authority
(MOD (TESRR)).
d.
Make unauthorised modifications to the system or the information hosted on it.
Roles and Responsibilities
5.
The roles and responsibilities of the ELCAS Portal are detailed below:
a.
ELCAS Users:
(1)
Responsible for ensuring their details are up to date (certain aspects can only be updated by their ES or Single Service
Representatives (SSRs)).
(2)
Raising claims for approval.
(3)
Complete evaluation returns for prior claims.
(4)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
b.
Learning Providers:
(1)
Responsible for maintaining their own details.
(2)
Maintain course details and fees and associated attendance statistics.
(3)
Ensure all mandatory date bound documents are uploaded in a timely fashion.
(4)
Invoice for learning within agreed timeframes.
(5)
Report any suspicious activity to the ELCAS System Security Officer: (see contact details above)
c.
Education Staff:
(1)
Responsible for maintaining their own details.
(2)
Ensuring the details of SP are kept up to date.
(3)
Issue Claimant Members area accounts.
(4)
Ensuring their Delegation of Authority is maintained.
(5)
Approve/Cancel/Request Amends to claims.
(6)
Report any suspicious activity to Security Authority (MOD (TESRR)) via their SSR.
d.
Single Service Representatives:
(1)
Responsible for maintaining their own details.
(2)
Ensuring the details of SP are kept up to date.
(3)
Issue Claimant Members area accounts.
(4)
Ensuring their Delegation of Authority is maintained.
(5)
Approve/Cancel/Request Amends to claims.
(6)
Report any suspicious activity to Security Authority (MOD (TESRR)).
e.
ELCAS Administration Staff:
(1)
Act as support & Administration.
(2)
Maintain user accounts.
(3)
Maintain website and any back-end systems.
Account Creation and Password Controls
6.
Approved Learning Provider Accounts are created by ELCAS Administration Staff.
7.
ES/SSR and MOD Official accounts are created by ELCAS Administration Staff.
8.
Claimant Accounts are issued by Authorised ES.
9.
Passwords are not to be shared with anyone or written down anywhere under any circumstances.
10.
Users must not access the ELCAS Portal using another user's login details.
11.
Passwords must:
Be a minimum of 8 characters in length
Contain characters from at least three of the following: upper case, lower case, numbers, special characters
NOT contain the following special characters: SPACE & ' ( ) , / : ; < > @ [ \ ] ¬ { | } £ ¦
12.
Password resets are initiated by the user from the logon screen using the "password reset" button.
Delegating Access
13.
Access may be delegated to another appropriate user in order to enable continuity during periods of extended absence in
line with the approved process.
Monitoring/Auditing
14.
Use of the ELCAS Portal may be subject to monitoring. Users are advised that system logs can be checked on a regular basis
in order to detect unauthorised or suspicious system and security events.
15.
ELCAS administrators have the right to gain access to user accounts in case of an emergency or a legitimate legal/business
requirement. A detailed request is to be provided by the requestor of exactly what they are requesting access to and for what
purpose. This must be recorded for audit purposes. Once the access is granted the extraction of information must be carried
out within legal guidelines and a 2 man rule must be followed 2/3. Dependant on the circumstances, all reasonable
attempts will be made to inform the ELCAS user of the request to access their account. Access to their account is to be
conducted by the delegated authority given by the system owner.
16.
Anyone suspected of breaching the Acceptable Use Policy or detected misusing their privileges through monitoring may have their
account suspended. They may additionally be subject to disciplinary or even legal action 3.