Process and/or tools for protected data

Bruce Havelock
New Member
Posts: 2
    Is anyone dealing with protected data that comes across in requisitions, invoices, or GL? We are looking to network and share best practices, as our compliance division has put our Infor systems under scrutiny for not having processes in place to protect sensitive data (in this case, Protected Health Information or PHI).
    Thanks!
    Bruce
    John Henley
    Posts: 3353
      Hi Bruce. I have dealt with this some in my consulting. Keeping Lawson and related systems/servers segregated and protecting sensitive data is certainly a challenge. Some organizations have been more successful than others, and it's actually more of a discipline/mindset/culture issue than a technical one. Lawson has some specific and unique bad practices that make it very difficult to properly implement and enforce security policies. It takes a lot more work to purposely move data through the organization judiciously vs. just setting up Lawson on a Windows domain and using domain admin accounts on shared drives (yes, I see this all of the time). In organizations where it has been done successfully, it involves isolating Lawson and related servers to their own partitioned networks, fire-walled from the rest of your network, encrypting at various points (database, flat files, etc.) and only opening up specific paths for data that needs to flow. In some organizations, all data exchange is done from within the Lawson environment (i.e. a process initiated from the Lawson network looks for incoming data--files are not just dumped into Lawson). Some organizations go even further and "air gap" their processes by using USB keys to transfer files, with multiple manual scanning/checkpoints. It is a fascinating topic.
      Thanks for using the LawsonGuru.com forums!
      John
      Kat V
      Veteran Member
      Posts: 1020
        The PHI/PII information on the bill-only POs for implants is our major pain point. We have hidden several of the fields in RQC but we cannot control what goes in comments. This is always the reason cited for us not being able to roll out mobile apps - the open port to the server is considered too big a risk for the data.