TABLE OF CONTENTS


Knowing user rights


User roles are a named collection of user privileges and access rights that correspond to the responsibilities of the employee in a particular system or regulated mandatory actions according to the design of the process.


Each user can be assigned with several roles simultaneously


To check his / her current role a user should - follow to right upper corner of the case management portal's screen and hover over a profile icon. 


Current user roles will be shown in a user's profile

 

Default roles for all clients


The administrator is a user who is responsible for setting up the system and running it. The set of administrator rights allows you to manage:

  • user names, positions, locations, contacts
  • user rights / roles
  • user login sessions
  • user activity statistics
  • user access, logins and passwords
  • units / locations 
  • regions / countries
  • categories
  • workflows
  • procedures
  • scenarios
  • import cases
  • import calls and other info
  • set integrations
  • and other elements of system settings.

Supervisor (moderator) is a user who is responsible for the proper functioning of the process of registration of messages and their investigation, as well as control over the proper use of the system, has broader rights than ordinary users, has the ability to perform any operations with cases.

Case Manager - a user who is responsible for responding to messages and reviewing the case within the prescribed time limits. The manager has the widest authority within the assigned case, can assign tasks, define a team, modify and delete items that have been created by other members of the case team.


Responsible person, or case manager, is the manager who is assigned to a particular case.

Decision-maker - the user authorized to make a decision regarding the adequacy of the work performed and the conclusions of the case team, as well as the final decision on the existence of an offence and the response to it.


Case team member is a user who is allowed to work on a case. By default, team members see only part of the information: self-created items or items granted access to tasks.


Invited - a person who is temporarily assigned the role of a user of the system in order to perform certain tasks. The guest's access rights are limited to reading the provided task and related documents. The guest can create Documents and Facts, as well as comment or change the status of the Task.


Notified - a person who has been notified by the system about the presence of the case and/or any other details. Notified does not have access to the default case. A notified can have no access to the system and 


Auditor - a user with access to all cases, case components and analytical reports, but without permissions to make inputs, amend materials, delete or create anything. Please note: by default custom procedure cases are not visible for an auditor. Such a setting can be done by request.


Specific roles 

(optional feature / custom for different clients)


Analyst is a user who is an assistant supervisor and can receive some authority from him. The analyst is responsible for quality control of input information, as well as methodological or analytical support for other users. 


Default case manager - a user who can be assigned as a case manager by default automatically


Superuser - a user with similar rights to an Admin, but without the ability to manage user rights / create / delete users. 


Case decision-maker - users or persons participating in making a final decision over the case, online or offline. Case decision-maker role has been created speed up the case documentation and adds default decision-makers into final decision protocol automatically. Case decision-maker is a passive role - can be assigned to any person even not a user - without any access rights within a system.


Hotline auditor - a user with auditor rights (similar to an Auditor) towards whistleblowing channels. But, a hotline auditor has no access rights to cases created internally with Incident drafts / Incident memos / Case memos.


Region coordinator - a user with Coordinator role, but limited to a dedicated region. When assigning the role, please make sure to select the proper regions. Regional coordinators' access rights are limited to all cases within a designated region.



Region auditor - a user with Auditor role, but limited to a dedicated region. When assigning the role, please make sure to select the proper regions. Regional auditors' access rights are limited to all cases within a designated region.


Region manager - a user with a Manager's role. Such users will be visible in potential manager's drop downs available for selection by the region coordinator when assigning responsible for a case.


Escalation manager - a user which will receive escalated cases - messages and case which were marked by a whistleblower or a contact center operator to contain information about members of the team responsible for the hotline. In order to avoid self review and conflicts of interest, the Ethicontrol system can automatically bypass default route and submit the issue using an alternative one. Escalation manager role is very similar to a Supervisor (moderator). He / she is responsible for initial review and has the right to delegate / assign cases to others - the escalation team.


Escalation team - users with similar rights to Managers but within a dedicated escalation procedure. Escalation team is assigned to case on individual basis by an escalation manager.


CEO - special role for a CEO (Chief executive office) within a procedure outlined by a Client's SOP. The CEO receives escalated cases in case someone from a compliance / security team has been mentioned by a whistleblower. CEO role is similar to an escalation manager, so it can be only one within a system.


CSO - special role for a CSO (Chief Security Officer) within a procedure outlined by a Client's SOP. The CSO receives the escalated cases in case someone from other departments has been mentioned by a whistleblower. CSO role is similar to an escalation manager, so it can be only one within a system.


Supervisory board - is similar to escalation team.  Users with similar rights to Managers but within a dedicated escalation procedure  - escalation to the Supervisory Board. Supervisory board members are assigned to case as a group of users as soon as the dedicated Escalate to Supervisory Board procedure is assigned to a case.


Escalation 1 manager - similar to a Manager, but for a dedicated Escalation 1 procedure. Ethicontrol support an unlimited number of procedures which can be assigned to a case. The escalation manager role depends on the specifics of a Client's SOP. He/she is assigned by default as a responsible for the case when the Escalation 1 procedure is assigned to a case. 


Escalation 1 team - case team members which are added to a case by default when the Escalation 1 procedure is assigned to a case.


Escalation 2 or 3 manager - similar to the Escalation 1 Manager, but for another Escalation 2 or 3 procedures, which are assigned according to other escalation criteria as per a Client's SOP.


Escalation 2 or 3 team - similar to the Escalation 1 Team, but for another Escalation 2 or 3 procedures, which are assigned according to other different criteria as per a Client's SOP.


First closing - users with the rights to finalise the case after the main case team and submit to the Final closing (management's decision).


Final closing - users with the rights to document management's decision and close the case as resolved.


Informed - users who should receive notifications when the case is registered and with the access rights to view the case.


Ethics Panel - a bunch of users which can be notified (informed) about the case and provided with the access rights to view the case when the respective Notify Ethics Panel scenario is run.