Because Axon collects data from thinkers that is used to reveal their thinking preferences, it is important that we have good processes in place to manage the privacy and security of that data. This article discusses some of the security features we have built into Axon. It's focused primarily on the application itself, rather than the security of the underlying servers and network. The goal is to help Herrmann team members in affiliate offices communicate clearly about the business processes we have in place to protect user data, and how the system supports and manages those processes.
The audience is internal, but nothing about this document is sensitive or secret, so it can be shared in part or in whole with any clients. Note that clients may not have access to some of the areas of the application shown or discussed.
Practitioners and Thinkers
Before digging into the security features of Axon, it's useful to understand that there are two main kinds of users of the Axon system, Thinkers and Practitioners.
Thinkers are simply users taking the assessment. A thinker only gets access to their own data, and can't see anyone else's information. Ultimately thinkers get to decide who can see their data, and have the right to revoke access from anyone, including the practitioner who originally invited them.
Practitioners, however, have access to data from a number of thinkers, generally within a limited set of companies, departments, or other organizations. From Axon's perspective, Practitioner users include both our certified practitioners and their support staff, who may need access to the Practitioner Portal to organize assessment invitations, to pull profiles to help the practitioner prep for debrief, and to perform other administrative tasks. Practitioners are presented with a document of Guiding Principles that they must agree to in order to access Axon and process data. If those Guiding Principles are updated, the Practitioner is presented with that document again in order to consent to these principles. (The addition of GDPR requirements may be an example of when the Guiding Principles would be updated.)
Data Roles and the Organizational Tree
At the heart of Axon's security setup is the organization tree found at [data roles]
This tree is meant to loosely represent the real-world organizational hierarchies of the groups and companies that Herrmann works with. Each company gets its own branch in the tree, and can have other branches under it to represent different departments or groups within the company.
This tree is managed by staff in each of the Herrmann affiliate offices. Each office is responsible for ensuring the portions of the tree tied to their clients are up-to-date, accurate reflections of the actual clients they're working with. They can create new branches, move existing branches, etc., as necessary.
Each branch in this tree is called a Data Role. This name is a little clunky, and something we plan to change, so for now just think of Data Roles as Organizations. We'll use the terms interchangeably throughout the rest of this article.
How do Practitioners get access to data?
With this tree in place, we can organize our practitioners and assessments inside of it to control access. Herrmann team members assign each practitioner one or more data roles when they first set up a practitioner's account. The practitioner can see all the data in those roles, as well as in any of the roles below them. So, looking at the screenshot below, a practitioner at the parent branch can see everything in the children.
Herrmann team members can edit a practitioner's data roles as necessary, to give them access to more data, or to remove their access to data.
While Herrmann team members set up practitioners and their data roles, it's the practitioners themselves who decide where a given piece of data should be placed in this organizational tree. When practitioners create an invitation, they assign one or more data roles to that invitation.
Any assessments or assessment groups generated from the invitation will automatically be placed in each of these data roles. This means they will be visible to anyone who has access to that part of the organizational tree, either directly, or indirectly through a higher-up branch.
If for some reason the data needs to be moved after creation, things get a little more complicated. Practitioners can directly edit the data roles assigned to their invitations or assessment groups. However, this will not actually edit the data roles of the assessments generated by the invitation, or the assessments inside of a group. The only people who can move an assessment are Herrmann staff with the appropriate permission.
What can thinkers do to manage the privacy of their data?
Herrmann's policy is that thinkers are ultimately the ones who own their data, and they have the right to determine who can and cannot see any of their results. At this point, however, Axon lacks strong tools to let the user manage this sort of thing directly through the user interface, and any changes to who can see their data have to be performed by Herrmann support staff.
In this situation, our policy is that thinkers should be able to ask which organizations can see their data, and be provided a full list of all data roles assigned to their assessment, and any parent data roles that can see the assessment as a result. They should also be able to request that any of the directly assigned data roles be removed from the assessment, or that the assessment data be deleted entirely. Note that Axon does not support "blocking" a particular parent organization from seeing the data while allowing the children to continue seeing the data. To restrict data from a parent organization, the assessment must be removed from the child data role.
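The visibility rules described above (access through assigned data roles and their parents, and removal only of directly assigned roles) can be modelled in a few lines. This is an added illustration, not Axon's own code; the tree, the organization names and the function names are all constructed for the example.

```python
# Constructed sample tree: data role -> parent data role (None = top-level branch).
PARENT = {
    "Acme Corp": None,
    "Acme Engineering": "Acme Corp",
    "Acme Platform Team": "Acme Engineering",
    "Acme Sales": "Acme Corp",
    "Globex": None,
}

def ancestors(role):
    """Yield the role itself, then each parent up to the top of its branch."""
    while role is not None:
        yield role
        role = PARENT[role]  # KeyError for a role that is not in the tree

def visible_from(assessment_roles):
    """The list a thinker is entitled to: every directly assigned data role
    plus every parent role that can see the assessment as a result."""
    seen = []
    for role in assessment_roles:
        for r in ancestors(role):
            if r not in seen:
                seen.append(r)
    return seen

def practitioner_can_see(practitioner_roles, assessment_roles):
    """A practitioner sees data in their own roles and in any role below them."""
    return any(r in practitioner_roles for r in visible_from(assessment_roles))

def remove_direct_role(assessment_roles, role):
    """Only directly assigned roles can be removed; a parent cannot be
    'blocked' while the child role stays on the assessment."""
    if role not in assessment_roles:
        raise ValueError(f"{role!r} is not directly assigned; remove the child role")
    return [r for r in assessment_roles if r != role]

def still_visible_after_removal(assessment_roles, removed, parent):
    """Check whether a parent role can still see the assessment after removal,
    which happens when another assigned role sits under the same parent."""
    return parent in visible_from(remove_direct_role(assessment_roles, removed))

if __name__ == "__main__":
    roles = ["Acme Platform Team", "Acme Sales"]
    print(visible_from(roles))
    print(still_visible_after_removal(roles, "Acme Platform Team", "Acme Corp"))
```

When an assessment is assigned to more than one data role under the same parent, removing a single child role does not hide it from that parent, so support staff handling a removal request should re-check the resulting list.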
Eventually, we want to build a user interface that will allow thinkers to self-manage these sorts of requests, which will follow the same principles as the manual process above, but until that exists we will rely on the manual processes defined above.
Future Products and Security Implications
Since Axon is an evolving platform, and Herrmann is developing new products regularly, it's likely we'll need to regularly revisit these security features. However, as we do so, we plan to keep in mind a few core principles that we've outlined below.
- Giving non-practitioners access to another thinker's data will always require an opt-in process. We'll never automatically share a thinker's data with non-practitioners without their awareness and consent.
- Practitioner access to data will be an opt-out process, since practitioners are an essential part of delivering our products. Thinkers can choose not to let a practitioner see their data, but it may mean we are unable to deliver their results. As long as we communicate clearly to thinkers who the practitioner is and why they are important, an opt-out process will generally be the best approach, since they've already "opted-in" by taking the assessment in the first place.
- In general, from a practitioner perspective, we'll be asking thinkers to grant access to "organizations" rather than individuals. This is because for internal practitioners there may be turnover in the positions responsible for delivering and managing the data, and for external practitioners there may be administrative staff beyond the practitioner who may not be familiar to the thinker.
- Practitioner access to data will always be closely managed by Herrmann team members to ensure our practitioners are handling data responsibly, and so we can hold them accountable for failure to be good stewards of thinker data.