SOAR (Scottish Online Appraisal Resource) is encrypted in two ways: the system itself is encrypted, and any files that are uploaded are also separately encrypted.
Files uploaded to SOAR are only accessible to the appraisee (the user themselves). Files submitted to an appraisal interview are ONLY accessible to the appraiser and appraisee for that appraisal. So for example, if you uploaded files to share with your appraiser this year, and next year you have a new appraiser, he or she will not have access to the files you shared with this year's appraiser.
With regard to security, we strive to ensure our security protocols are kept up-to-date. Once a year SOAR is subjected to external security testing (as per NES policy), and if there are any weaknesses found we ensure these are fixed ASAP. We fix any high level issues identified immediately, and fix/address all other issues in the security report before the end of the fiscal year.
Whilst we try our best to ensure SOAR's security is as current as possible, we also need your help with protecting the security of the system.
Google has a special tool (Google Analytics) which we use to monitor where our website visitors are accessing our resources from (e.g. number of users accessing SOAR from UK, Spain, USA etc; number of times a particular page on the Medical Appraisal Scotland website had been visited etc), and the way this works is that when you visit a page on SOAR or the Medical Appraisal Scotland website, a piece of script (called cookie) is used to gather information on where the user is from. This information is used on an aggregated basis and is NOT used to identify individual users of the system.
Each user role on SOAR is assigned by an administrator, either locally at Health Board level, or via NES at system admin level. We ask new users to the system to complete a login request, but they cannot add themselves to SOAR. This helps us ensure the system is used by the correct people for the correct/intended purpose.
Within each user role, a user can access certain resources and functions. Naturally, they will also be prevented from accessing other information and details on SOAR that do not relate to them. For example, a Trainee user will not be able to assign an appraiser to an appraisee (this is done by administration teams); similarly, an appraiser will not be able to access information or documentation for users that are not linked to them.
For a full list of roles and access rights for SOAR users, please download and review the PDF document below.
SOAR Permissions Overview
version 2
Date updated: 21/03/2022
Size: 109410 - KB
Type: pdf
This page was last updated on: 08/04/2022
