integrated banking software core banking software
The leading banking software by

PRODUCT - Functions



Security & Audit Trail

Security
OLYMPIC makes use of JAAS and JCE industry standards in order to manage authentication and security:
Authentication details:

  • JAAS used for authentication and authorisation
    • Modular and configurable process
    • Software and hardware involved
    • Databases (user/password)
    • Enterprise directories via LDAP.

Each request is executed in association with an authenticated and authorised user.

  • JCE is used for securing the system (the bank is given the choice of security provider)
  • Stored passwords (if implemented) are encrypted
  • En/decryption keys are in a dedicated key store
    • Key store is password-protected
    • Key store password is in the configuration data.

Functionality level access details:

  • Permissions' domains
    • Permission domains are a set of rights and vetoes to be added to a user menu profile in order to make it more precise
    • Based on OLYMPIC concepts: functions and services
    • Managed in the OLYMPIC Management Console
    • Hierarchical level and inheritance
    • OLYMPIC menu is built according to user permissions/domains
  • Business level access
    • Client level
    • By centre
    • By management group
    • By agent
    • By manager
  • Product level
    • Product family
    • Individual Product
  • Operation code level

The above list of security features represents an overview of the possibilities and is not intended to be exhaustive.

The OLYMPIC security system provides comprehensive coverage including:

  • Definition of individual user IDs and user groups
  • Authorisation levels
  • Menus tailored to facilities that are authorised
  • Access to parameter tables
  • Access to account types
  • Access to special facilities, e.g. order input, memo updates, renewal instruction updates, etc.
  • Access to operation types
  • Access to static data sub-menus
  • Authority within transaction processing cycle
    • Input/control access
    • Size of transactions
    • Signed or unsigned agreements linked to communication mode
  • Access restrictions for agents, managers, departments, employees, clients, etc.

Audit Trails
A full internal audit trail is maintained for all transactional data updates. At every stage of transaction processing, internal status checks are performed and maintained. All interactions with OLYMPIC generate an audit trail, for tracking and tracing purposes. Logging transactions carry the following information:

  • Transaction ID
  • Transaction data (contents)
  • Handled by
  • Date of handling
  • Place of handling
  • Initial input, eventual modifications and/or cancellations, maturity.

This information is stored and can be accessed online.
Logging/audit trail is done for:

  • Changes in authority
  • Overruling (including the warning message that was overruled)
  • Illegal or unauthorised attempts
  • System actions
  • System interference by operator.

Security & Audit Trail - OLYMPIC makes use of JAAS and JCE industry standards