| Permission | Enables | Implications | Related |
| Full access to Procedures > Accounting > Generate Invoices. | In this area, a user can batch generate invoices that have
not yet been distributed to clients.
The workflow to generate invoices from the account level for brokers, clients, finance companies, or other interests is secured separately (under General > Transactions). |
||
| Full access to Procedures > Accounting > Generate Late Charges | In this area, a user can batch generate late charges per transaction or per account. | ||
| Full access to Procedures > Accounting > Generate Statements. | In this area, a user can batch generate statements for brokers,
clients, finance companies, or other interests.
The workflow to generate an individual statement from the account level is secured separately (under General > Transactions). |
||
| Full access to Procedures > Accounting > Invoice Quality Check. | If the system is set up to use Invoice Quality Check (in Configure > Accounting > System Settings), users need to access this area to approve or reject invoices and determine whether they can be distributed. | Users can only approve or reject invoices if they have security access to the associated structures. | |
Year-End |
Access to Procedures > Accounting > Year-End. | View a list of years and their statuses (Open or Closed) per agency. | |
| Use the Close Year action available in Procedures > Accounting > Year-End. | Closing a year moves the year's net revenue/loss to Retained
Earnings and prevents any items from being added to the year.
A year can be re-opened if the last month of the year is re-opened via the Open Month action available in Procedures > Accounting > Month-End. |
Users must also be granted the Year-End right under Procedures > Accounting. |
| Permission | Enables | Implications | Related |
| Full access to Procedures > Activities > Manually Process Activities. | While activity further actions are scheduled in Configure > Activity > Process Activities, users with access to this area can process activities at any time. Be aware that processing large numbers of activities during peak hours may have a negative effect on system performance. | ||
| Full access to Procedures > Activities > View Error Reports. | In this area, a user can view and delete error logs related
to processing activity further actions. Typically, only a user
in an administrative role would need to do this.
Because error reports can be configured to be sent automatically as the initial notification of any problems (see Configure > Activity > Process Activities), it may not be necessary to access this area to view error details. However, this area provides access to past error logs, which are retained for the number of days established in Configure > Activity > Process Activities). |
| Permission | Enables | Implications | Related |
| View rights to the Procedures > Auditing > Client Access Log screen. | Users with this right can only access the Client Access Log screen. They cannot perform searches or view individual logs. |
Users must also have the Client Access Log - Client Search and/or Client Access Log - User Search rights granted to locate logs and view them from this screen. | |
Client Access Log - Client Search |
Locate a log via client search in Procedures > Auditing > Client Access Log. |
Users with this right can search by client on the Client Access Log screen and view the client access logs they locate. |
Users can only view logs for clients for whom they have structure access. |
Client Access Log - User Search |
Locate a log via user search Procedures > Auditing > Client Access Log > User Search. |
Users with this right can search by user on the Client Access Log screen and view the client access logs they locate. | Users can only view logs for clients for whom they have structure access. |
| Permission | Enables | Implications | Related |
| Full access to Procedures > Document Management > Acquire and Attach Image. | Because this area involves adding attachments, it would be logical to grant this security right to any user granted the right to add an attachment under General > Attachments. | Users may only add attachments to accounts to which they have
security access.
Users may only add attachments with Security levels that they are granted access to under General > Attachments. |
|
| Full access to Procedures
> Document Management > Batch Scan area for
users with Applied Epic installed locally on their computers.
The Batch Scans
area is not available to users accessing Epic through a web browser.
For users accessing Epic from a web browser, this permission gives full access to the Procedures > Document Management > Import Scans area. The Import Scans area is not available in the desktop version of Epic. |
This permission should be granted to any user responsible for batch scanning or for importing scanned TIFF or PDF files. | ||
| Full access to Procedures > Document Management > Batch Scan History. | This screen provides information regarding scanned or imported
batches, which documents were included, and the accounts to which
the attachments were routed. It also provides error message information
in the event that a scanned item fails to be attached in the system.
This right should be granted to users who are responsible for diagnosing issues with scanned attachment batches. |
Users will not be able to use the Access > Attachment option from this screen unless they have security access to view the selected attachment. | |
| Access to Procedures > Document Management > Unrouted Attachments. | If a front-end scanning process is in use, all users who might have documents routed to them (which would ideally be all personnel) should be granted this right. | ||
| Delete attachments in Procedures > Document Management > Unrouted Attachments. | Deleting unrouted attachments removes them from the system
completely, so this security right should be restricted.
Users who are not granted this right may still use the Recycle action to remove attachments from their views. Recycled attachments can still be accessed for the number of days entered in Configure > Attachment > Scanned Documents (after this amount of time has passed, the recycled attachments are purged). |
Users must also be granted the View All Unrouted Attachments right under Procedures > Document Management. | |
| Use the Reassign action available in Procedures > Document Management > Unrouted Attachments. | This action is used when an unrouted attachment is sent to the wrong person. Because personnel might misuse the ability to reassign documents to others, you may wish to limit this right to administrators and supervisors. | Users must also be granted the View All Unrouted Attachments right under Procedures > Document Management. | |
| Use the Save As action in Procedures > Document Management > Unrouted Attachments. | Saving unrouted attachments outside the system may be necessary in the event that an attachment should not be attached to an account. The Save As action enables users to save an attachment to a hard drive or network location. Saving the item, however, removes it from the list of unrouted attachments in Epic, so you may wish to restrict access to this action. | Users must also be granted the View All Unrouted Attachments right under Procedures > Document Management. | |
View All Unrouted Emails |
Access Procedures > Document Management > Unrouted Emails and route emails. | If your organization has set up monitoring for generic or shared email addresses in Email Monitoring Configuration, users with this right can attach emails sent to these addresses to the appropriate accounts or policies. Any user responsible for monitoring one of these addresses (either individually or as a member of a Work Group) should be granted this right. |
|
Unrouted Emails - Delete |
Delete emails in Procedures > Document Management > Unrouted Emails. | Deleting unrouted emails removes them from Applied Epic completely, so this security right should be restricted. Users who are not granted this right may still delete emails after they are attached to an account or policy if necessary. |
Users must also be granted the View All Unrouted Emails right under Procedures > Document Management. |
| View unrouted faxes with a classification of General in Procedures > Document Management > Unrouted Faxes. | General unrouted faxes are those that are not assigned to any user. Incoming items are automatically sent to this area, so there is a chance that some of the faxes may contain sensitive information. This security right, therefore, should be limited. | ||
| Use the dropdown menu to locate employees and view unrouted faxes assigned to them in Procedures > Document Management > Unrouted Faxes. | Because allowing users to view faxes assigned to other employees may pose a confidentiality risk, this security right should be limited. | ||
| View unrouted faxes with a classification of Group in Procedures > Document Management > Unrouted Faxes. | This security right enables a user to view all unrouted faxes assigned to members of the security group(s) of which the user is also a member. Viewing faxes for other users poses a confidentiality risk, but if the groups are configured well, this can allow users with the same role to view faxes for all group members and to share common tasks. | ||
| Delete faxes in Procedures > Document Management > Unrouted Faxes. | Deleting unrouted faxes removes them from the system completely, so this security right should be restricted. | ||
| Use the Assign/Reassign action available in Procedures > Document Management > Unrouted Faxes. | This action is used when an unrouted fax is sent to the wrong person. Because users might abuse the ability to reassign faxes to others, you may wish to limit this right to administrators and supervisors. | ||
| Full access to Procedures > Document Management > Distribute Files. | In this area, a user can distribute Epic Document Writer output throughout the system via email, fax, or print, or by attaching the files to an account without distributing. |
| Permission | Enables | Implications | Related |
| Export Custom Items | Full access to Procedures > Export > Custom Items. | In this area, a user can access custom forms as well as a variety of templates from the system. Few users would have reason to access this area. |
| Permission | Enables | Implications | Related |
| Import Custom Items | Full access to Procedures > Import > Custom Items. | Importing previously extracted custom items can have a significant impact on existing custom forms and templates. Only users who are aware of the effects of this action and the way templates are associated to the forms should have access to this area. | |
| Import Prospect Files - View | View-only access to Procedures > Import > Prospect Files. | ||
| Import Prospect Files - Add | Add files to the list in Procedures > Import > Prospect Files. | The files added in this area are used to create import batches in Procedures > Import > Prospect Batches. | Users must also be granted the Import Prospect Files - View right under Procedures > Import. |
| Import Prospect Files - Delete | Delete files from the list in Procedures > Import > Prospect Files. | Users must also be granted the Import Prospect Files - View right under Procedures > Import. | |
| Import Prospect Batches - View | View-only access to Procedures > Import > Prospect Batches. | ||
| Import Prospect Batches - Add | Add batches to the list in Procedures > Import > Prospect Batches. | This security right does not give a user the ability to actually add prospect data. The Add Prospect Batch workflow only involves determining how a previously uploaded prospect file (see Procedures > Import > Prospect Files) should be mapped and imported. | Users must also be granted the Import Prospect Batches - View right under Procedures > Import. |
| Import Prospect Batches - Edit | Edit batches listed in Procedures > Import > Prospect Batches. | This security right does not give a user the ability to actually modify prospect data. The Edit Prospect Batch workflow only involves determining how a previously uploaded prospect file (see Procedures > Import > Prospect Files) should be mapped and imported. | Users must also be granted the Import Prospect Batches - View right under Procedures > Import. |
| Import Prospect Batches - Delete | Delete batches from the list in Procedures > Import > Prospect Batches. | Users must also be granted the Import Prospect Batches - View right under Procedures > Import. | |
| Import Prospect Batches - Import Batches | Import batches listed in Procedures > Import > Prospect Batches. | Only a few people are likely to be importing prospects and doing so can have a large impact on the system if a large number of items is added. Access to this right, therefore, should be limited. | Users must also be granted the Import Prospect Batches - View and Import Prospect Batches - Edit rights under Procedures > Import. |
| Permission | Enables | Implications | Related |
| Use the Batch Update from Files action available in Procedures > Interface Management. | The Batch Update from Files action would only be used if a download company sends files outside the Ivans network and provides the agency with an alternate way to access download files. It may also be used by Applied Systems Support to run Initial Load files through Epic or re-run a previously downloaded file. Only designated interface personnel would be likely to need to perform this procedure. | ||
| Use the CSIOnet action available in Procedures > Interface Management. | CSIOnet download is the most common means of receiving policy data sent from companies. Download can be scheduled to occur regularly or can be run manually. It is likely that a single user would be responsible for running download, but access should also be granted to a few backup personnel in case that user is out of the office. | ||
eDocs & Messages |
Use the eDocs & Messages action available in Procedures > Interface Management. | The eDocs & Messages option downloads only eDoc messages, which are sent through Ivans. This action would be used in the event that the agency is expecting a request response from a carrier and does not wish to wait for the scheduled download to run. It is likely that a single user would be responsible for running download, but access should also be granted to a few backup personnel in case that user is out of the office. | |
| Run the Assign Policies in Suspense process available in Procedures > Interface Management > Assign Items in Suspense. | This enables users to assign downloaded policies to new or existing customers or policies. While large agencies may need to assign this right to multiple users to handle the amount of downloaded policy data, keep in mind that multiple users can be in Suspense at the same time and might interfere with each other's workflows. | ||
| Use the Update Items in Suspense > Policies action available in Procedures > Interface Management. | This enables users to update assigned items immediately or to schedule the update. Because this action updates all assigned items as a single job, not as many users will be required to run/schedule the update as are required to assign the items. | ||
| Run the Assign Automated Download Invoicing Items in Suspense process available in Procedures > Interface Management > Assign Items in Suspense. | This enables users to assign downloaded invoices to customers or policies. While large agencies may need to assign this right to multiple users to handle the amount of downloaded invoices, keep in mind that multiple users can be in Suspense at the same time and might interfere with each other's workflows. | ||
Automated Download Invoicing Suspense – Edit Transaction Code |
Edit the transaction code on an Automated Download Invoicing item in Procedures > Interface Management > Assign Items in Suspense > Automated Download Invoicing. | Because this right enables users to edit the transaction codes sent by insurers before transactions are updated out of Suspense, limit it to users who are familiar with your organization’s transaction codes and understand when and why changes might be necessary. | The user must also be granted the Automated Download Invoicing Suspense right under Procedures > Interface Management. |
| Use the Update Items in Suspense > Automated Download Invoicing action available in Procedures > Interface Management. | This enables users to update assigned items immediately or to schedule the update. Because this action updates all assigned items as a single job, not as many users will be required to run/schedule the update as are required to assign the items. | ||
| Run the Assign eDocs & Messages in Suspense process available in Procedures > Interface Management > Assign eDocs & Messages in Suspense. | This enables users to assign downloaded eDocs & Messages to customers or policies. While large agencies may need to assign this right to multiple users to handle the amount of downloaded eDocs & Messages, keep in mind that multiple users can be in Suspense at the same time and might interfere with each other's workflows. | ||
| Use the Update Items in Suspense > eDocs & Messages action available in Procedures > Interface Management. | This enables users to update assigned items immediately or to schedule the update. Because this action updates all assigned items as a single job, not as many users will be required to run/schedule the update as are required to assign the items. | ||
Download Results – Automated Download Invoicing |
Search and view ADI download data in Procedures > Interface Management > Download Results | This right enables users to access ADI download data in Download Results. Granting this right to users responsible for processing ADI items out of Suspense is recommended, so that they can identify any issues that occur during Download. | |
Download Results – eDocs & Messages |
Search and view eDocs & Messages download data in Procedures > Interface Management > Download Results | This right enables users to access eDocs & Messages download data in Download Results. Granting this right to users responsible for processing eDocs & Messages out of Suspense is recommended, so that they can identify any issues that occur during Download. | |
Download Results - Policies |
Search and view Policies download data in Procedures > Interface Management > Download Results | This right enables users to access Policies download data in Download Results. Granting this right to users responsible for processing policies out of Suspense is recommended, so that they can identify any issues that occur during Download. | |
Download Results - Errors |
Search and view download error data in Procedures > Interface Management > Download Results | This right enables users to access download error data in Download Results. Because users with this right can view information from all Download areas, access should be limited. | |
| Use the Recall from Ivans and Cancel Recall link labels available on the Download Results screen to recall transactions from Applied Ivans Exchange or cancel a recall. | This right enables users to recall policy, and eDoc transactions from your mailbox in Applied Ivans Exchange or cancel a recall they have initiated. To ensure that download files are only recalled when appropriate, access should be limited. | To recall transactions and cancel recalls, the user must also be granted at least one of the following rights under Procedures > Interface Management > Download Results: Download Results – Automated Download Invoicing, Download Results – eDocs & Messages, Download Results – Policies, or Download Results – Errors. | |
| Full access to Procedures > Interface Management > Dashboard. | This right enables users to view and filter charts and graphs illustrating short- and long-term trends in your organization’s download activities and performance. Administrators responsible for managing Download for your organization should be granted access to this area. | ||
| View-only access to Procedures > Interface Management > Suspense Recycle Bin. | This right enables users to access the Suspense Recycle Bin screen and view all deleted Suspense items in suspense, but not to restore these items or delete them permanently. |
||
Suspense Recycle Bin - Delete |
Permanently delete items in Procedures > Interface Management > Suspense Recycle Bin. | This security right enables a user to delete items in the Suspense Recycle Bin permanently. Because deleting items that are located in the Suspense Recycle Bin removes them from the system completely and cannot be undone, access should be limited. |
To delete items permanently, the user must also be granted the Suspense Recycle Bin right. |
Suspense Recycle Bin - Restore |
Restore items to Suspense from Procedures > Interface Management > Suspense Recycle Bin. | This security right enables a user to restore items from the Suspense Recycle Bin to their respective Suspense areas. To ensure that items are only restored when appropriate, access should be limited. | To restore deleted items, the user must also be granted the Suspense Recycle Bin right. |
| Permission | Enables | Implications | Related |
| Full access to Procedures > Job Management > Print Queue. | This area stores documents from batch printing workflows so that agency personnel can change the type of paper to be used. This allows different document types to print if an agency only has one printer. Anyone with access to this area can also dequeue print jobs. | ||
| Access to Procedures > Job Management > Fax Log. | Access to this area allows users to see all fax jobs entering or leaving the system. This could mean they are able to access information that they would not be able to see otherwise (e.g. outbound faxes related to clients in structures to which the users do not have access). Therefore, access to the Fax Log should be restricted to management and administrators. | ||
| Use the Cancel Fax action available in Procedures > Fax Log. | Cancelling a fax can be useful when it is determined that the wrong number is being used or in other cases where it would be inappropriate to retry sending the fax multiple times. | The user must also be granted the Fax Log right under Procedures > Job Management. | |
| Use the View Fax Details / Re-send action available in Procedures > Fax Log. | Re-sending a fax can be useful if the fax has failed due to an incorrect phone number or other issue, such as the recipient's fax machine being busy. | The user must also be granted the Fax Log right under Procedures > Job Management. | |
| Ability to search for and view the status of one's own submitted jobs in Procedures > Job Management > Jobs. | A user's Notifications can be configured so they provide the user with information on completion or failure of submitted jobs. Users who run longer jobs, however, might wish to access this screen so that they can track the jobs' status. | In order to access job detail or to perform any actions available on the screen, the user must also be granted the Jobs - Edit right under Procedures > Job Management. | |
| Ability to search for and view the status of jobs submitted by all users in Procedures > Job Management > Jobs. | This right should be granted to any users responsible for maintaining the system, as it allows them to monitor job progress. | In order to access job detail or to perform any actions available on the screen, the user must also be granted the Jobs - Edit right under Procedures > Job Management. | |
| Access to job detail in Procedures > Job Management > Jobs, as well as to the Cancel Job(s), Purge Job(s), and Re-send Job actions. | Most users will never need to cancel, purge, or re-send a job, but they must have this right to add, edit, or delete Recipients or edit the Job Details for scheduled report-based jobs. Grant this right to anyone responsible for managing jobs in the system. | To edit jobs that they submitted, the user must also be granted
the Jobs - View right
under Procedures > Job Management.
To edit jobs submitted by others, the user must also be granted the Jobs - View All Jobs right. |
| Permission | Enables | Implications | Related |
| View-only access to Procedures > Accounting > Month-End. | View a list of months and their statuses (Open, Locked, Posted, Finalized) per agency. | ||
| Use the Lock/Unlock Month action available in Procedures > Accounting > Month-End. | Locking a month prohibits any General Ledger or transaction data from being entered in that month. Unlocking a month permits the entry of that information. | The user must also be granted the View right under Procedures > Month-End. | |
| Use the Generate Journal Entries action available in Procedures > Accounting > Month-End. | Generating journal entries is the process that posts all transactions to the General Ledger. This should be done before you run any financial reports (Balance Sheet, Income Statement, etc.) to ensure that the General Ledger balances are up to date. | The user must also be granted the View right under Procedures > Month-End. | |
| Use the Change Default Month action available in Procedures > Accounting > Month-End. | This action enables a user to change the current system default month across all agencies. This is the month that will default for all General Ledger and transaction data entered. When a month is locked in preparation for Month-End, the default month should be changed to the next month. | The user must also be granted the View right under Procedures > Month-End. | |
| Use the Close Month action available in Procedures > Accounting > Month-End. | This action enables a user to close a month for an agency. This prevents General Ledger and transaction data from being entered in the month (with the exception of backposted journal entries). | The user must also be granted the View right under Procedures > Month-End. | |
| Use the Finalize Month action available in Procedures > Accounting > Month-End. | This action enables a user to finalize a month for an agency.
Finalizing a month prevents it from being re-opened and prevents
any General Ledger or transaction data, including backposted journal
entries, from being entered in the month. Once a year has been
closed and final figures have been sent to corporate headquarters
or reported for tax purposes, all months in the year should be
finalized to prevent any further modification.
Because finalizing a month is irreversible, this security right should be carefully restricted. |
The user must also be granted the View right under Procedures > Month-End. | |
| Use the Open Month action available in Procedures > Accounting > Month-End. | A user with this right can re-open a month that was previously closed. Re-opening a month automatically locks it, so the user will also need to be granted rights to unlock the month in order to actually enter any General Ledger or transaction data. | The user must also be granted the View right under Procedures > Month-End. | |
| Use the Modify Next Scheduling/Recurrence action available in Procedures > Accounting > Month-End. | This action can be used to cancel/reschedule the generation
of journal entries and to modify the frequency at which journal
entries are automatically generated.
If a scheduled job exists for generating journal entries, this action will modify the scheduled job. |
| Permission | Enables | ||
| Workflows - View | View-only access to Procedures > myEpic Management > Workflows. | View a list of workflows and their statuses (Completed, Discontinued, In Progress, Suspended). | |
| Suspended Workflows - Reassign | Use the Reassign Workflow action available in Procedures > myEpic Management > Workflows. | A user with this right can reassign the remaining steps of a suspended workflow to a different employee. | The user must also be granted the View right under Procedures > myEpic Management. |
| Suspended Workflows - Discontinue | Use the Discontinue Workflow action available in Procedures > myEpic Management > Workflows. | A user with this right can discontinue a suspended workflow. The workflow cannot be resumed once it has been discontinued. | The user must also be granted
the View right under
Procedures > myEpic Management.
|
| Suspend In Progress Workflows | Use the Suspend Workflow action available in Procedures > myEpic Management > Workflows. | A user with this right can suspend a workflow that is currently in progress. | The user must also be granted
the View right under
Procedures > myEpic Management.
|
| Permission | Enables | Implications | Related |
| General Bulk Renewal Logs | Full Access to Procedures > Policy > General Bulk Renewal Logs | A user with this right can view and delete the General Bulk Renewal logs, which list the policies that renewed and that failed to renew when a user performs the Renew action on multiple policies at once. If renewals have been configured to generate activities, the log also lists any activities that failed to generate. Because the log files contain policy information that is viewable even if the user is not granted access to those policies, you may want to limit access to this area. | |
| Send PDF Batch to Drive | Full access to Procedures > Policy > Send PDF Batch to Drive. | In this area, a user can move PDF batches created for certificates, evidences, and auto ID cards to the folder structure configured for that proof type on a local drive. |
| Permission | Enables | Implications | Related |
| View | Full access to Procedures > Policy Checking > Policy Checking Comparisons | In this area, a user can view all Policy Checking Comparisons in the system and reassign a comparison from one user to another. Because personnel might misuse the ability to reassign comparisons to others, you may want to limit access to this area. | To use Policy Checking, you must have an Epic Policy Checking licence. For more information on obtaining a licence, contact sales@appliedsystems.com. |
To use integrated texting, your organization must have an Integrated Texting subscription. For more information on obtaining an Integrated Texting subscription, visit the Twilio section of the Partner Program page on the Applied Systems website.
| Permission | Enables | Implications | Related |
| Unrouted Messages | Access to Procedures > SMS > Unrouted Attachments. | This permission allows users to view and route their own messages and unrouted messages. If integrated texting is enabled in Configure > SMS > System Settings, all users who might receive text messages should be granted this right. | |
| View Unrouted Messages for Other Employees | Access to Procedures > SMS > Unrouted Attachments to view SMS and MMS messages for all other employees |
This permission allows users to view and route messages for other employees and route unrouted messages. | |
| View Unrouted Messages for Structures | Access to Procedures > SMS > Unrouted Attachments to view SMS and MMS messages by structure | This permission allows users to view and route their messages and route unrouted messages sent to structures to which they do not belong. | |
| View Unrouted Messages for Unassociated Numbers | Access to Procedures > SMS > Unrouted Attachments to view Unrouted Messages | This permission allows users to view and route unrouted messages. These are messages that are not associated to a person or a structure. Therefore, without this permission, they cannot be viewed or routed. | |
| View Unrouted Messages for Bulk Use Numbers | Access to Procedures > SMS > Unrouted Attachments to view messages by bulk use number | This permission allows users to view and route contacts’ Opt-in and Opt-out replies to invitations for Account Messages and Insurance Marketing Alerts and contacts’ requests to start or stop conversational text messages. |