MAINTENANCE AND SERVICE UPDATES

The next release, BinderCloud UAT v3.1, will be available from Monday 4th January 2016.

(BinderCloud UAT will briefly be unavailable between 6am – 9am on Monday 4th January while essential updates are processed)

The following items are included in this release and will be available in Production from Monday 18th January 2016:

• Virus Protection
• Terms & Conditions
• Multi-Factor Authentication
• Contract Import Template
• Carrier Performance
• Bordereaux Loaded Date

Virus Protection

The modern threat landscape for cloud environments is extremely dynamic, increasing the pressure on business IT cloud subscribers to maintain effective protection in order to meet compliance and security requirements. Microsoft Antimalware for Azure Cloud Services and Virtual Machines is a real-time protection capability that helps identify and remove viruses, spyware, and other malicious software. The real-time scanning process will work as follows:

1. A document which is uploaded directly into BinderCloud or via the web services API will not be available to open or download and will be shown in BinderCloud with its filename shown in grey. A new document status will be added – at this stage the value will be set to ‘not scanned’.
2. The documents will be checked to identify and remove viruses, spyware, and other malicious software. If any of these are found then the document status will be changed to ‘infected’. An email will be sent to the user advising them of the contract reference and any documents which are infected.
3. The user will then need to disinfect the file and upload a clean file into BinderCloud. The previous infected files will remain in the system but will be inaccessible.
4. If the document is a bordereau the loading and validation will be performed in parallel (subject to mapping being configured). As the file is handled as binary data no macros or executable files can be run so these may be processed successfully. If a cleansed bordereau is re-loaded then the user must select the ‘Revised bordereau’ option.
5. An entry in the audit log will be created for every document that is checked.
6. If no viruses or spyware are found then the status will be set to ‘clear’ and the document name will be shown in blue and will now be available to open or download.

Terms & Conditions

BinderCloud has previously operated under the premise that the subscribing customer is responsible for all Non-Customer Users (MGA/Coverholders, Brokers, TPA’s or Carriers) who they request to be granted access to the system. With the growth in the platform and the data provided being shared with multiple parties, the acceptance of these terms needs to be monitored and controlled per user. The login process will be as follows:

1. When a Non-Customer user successfully logs into BinderCloud they will be provided with a Terms & Conditions screen to Agree or Disagree
2. The user may download these Terms & Conditions and Print them if required.
3. When the user accepts these Terms & Conditions access will be granted access into BinderCloud and the agreement date will be stored onto their user profile. If the user rejects these Terms & Conditions then access into BinderCloud is denied.
4. When the user subsequently logs into BinderCloud, the system will check if the Terms & Conditions have been changed since the version accepted by the user. If they have changed then the Terms & Conditions screen will appear and the user will need to accept the latest terms.  If the user rejects these Terms & Conditions then access into BinderCloud is denied.
5. Terms & Conditions screen will not appear if they have not changed, the user logs in using a different device or browser or the user’s password expires or is reset.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism. Multi-factor authentication is designed to increase protection from online identity theft, and other online fraud, because the victim's password would no longer be enough to give a thief permanent access to their information. The login process will be as follows:

1. A Registration form is completed by the customer providing the user name, company name, company type (broker, carrier, Coverholder or TPA), email address, mobile phone number and access permissions
2. A new user will be created in BinderCloud (recording their mobile phone number) and advise the customer. If no number is provided the ability to authenticate by email will be chosen.
3. The BinderCloud system will automatically generate an email to the registered user with a link to the BinderCloud system
4. When the user logs into BinderCloud they will enter a username (their email address) and be requested to enter a password
5. The password must conform to the BinderCloud password rules (see below).
6. For existing users only: Once the password has been accepted, BinderCloud will generate a secret token message and send this by email.
7. BinderCloud will generate a secret token message and send this by email or text message to the mobile number provided. An ability to regenerate this message will be provided through the user interface for situations where the original message was not received.
8. Once the secret token message has been received, the user will enter this code into the authentication screen. If this code matches the token issued then the registration process has been completed successfully and the user will be granted access to BinderCloud. An authentication file is also stored onto the device containing the mobile telephone number and user id.
9. If the code entered does not match the token issued then access is denied, otherwise access is granted. After three failed attempts the users account will be locked and an email will be sent to the user.
10. When the user subsequently logs into BinderCloud, the system will check the file stored onto the device and access will be prevented where either the file does not exist or the details do not match (user name, email address or mobile telephone number). Note: Each browser has their own file storage mechanism so switching browsers will also require re-authentication 
11. If a user logs in using a different device or browser, then the authentication will be available to enable this device or browser to be registered.
12. If a user logs in and the authentication check is successful then access will be granted without the need for generating a secret token or entering the code issued during the registration process.
13. When the user’s password expires or is reset no secret token message is generated and the user is not required to re-enter their code issued during the registration process.
14. The authentication file which is stored onto the device has an expiry date set to 1 month from the last successful logon to BinderCloud for the user. If this expires the user will be required to re-authenticate their device. 

Password rules:

Passwords must be at least 8 character long

Passwords must contain characters from three of the following five categories:

• Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
• Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
• Base 10 digits (0 through 9)
• Non-alphanumeric characters: !"#$%&'()*+,-./
• Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

Password history: Last 12 passwords

Contract Import Template

Customers who use the BinderCloud Contract template to import Contract data via Microsoft Excel spreadsheets will now be able to provide the GWPI Limit EPI Limit values per Section.

Carrier Performance

This release fixes a problem with the performance of the system when logged in as a Carrier. The time it takes to navigate between pages on the main tool bar will now return to normal. This issue did not affect Broker or Agent users.

Bordereaux Loaded Date

The Bordereaux Loaded date provided in the BDX Monitor screen will no longer update when additional documents, including Revised and Supplementary, are loaded against a particular period.