Configuration Guidance v2
Intended Audience: End Users and Software Suppliers
Date of Change: 20 August 2019
Configurations: The UK MVS has a small number of configuration parameters that differ from the default configuration of the Arvato NMVS Blueprint system. These are as follows:
|Configuration Item||Default Value||UK Value|
|Double Dispense Limit||2||5|
|Typographical Tolerance (for Manual Transactions)||2||5|
|Password Minimum Length||8||10|
|Password Reminder||10 days||30 days|
|Password Validity||90 days||365 days|
Double Dispense Limit: This parameter defines the limit of how many times a distributor (e.g. wholesaler, pharmacy) can re-execute decommissions for the same pack with the same transaction type (e.g. dispense) without causing an alert.
The value has been set to 5 for the UK MVS. In addition to the first decommission attempt, this allows for up to 5 additional attempts to decommission. This means that on the 7th attempt to decommission the same pack an alert will be raised.
Please note: There is no time limit for the double scan counter. e.g. The first scan could be executed in January and the 7th scan in July would generate an alert.
Typographical Tolerance – Manual Transactions Only This parameter defines the limit of how many times a distributor can mis-type the pack details with the same transaction type (e.g. G112, G122) without causing an alert. The value has been set to 5 for the UK MVS. This means that on the 6th occurrence of an error an alert will be raised.
Please note: There is no time limit for the typo counter.
Password Minimum Length This parameter defines the minimum length (number of characters) of passwords for UK MVS users. For the UK this has been increased to 10 characters. This length has been set to match industry best practice on password minimum length, with anything below 10 characters being considered weak.
Password Reminder This parameter defines the number of days prior to the expiration of the current password that a UK MVS user will receive a notification. This value has been set to 30 days for the UK MVS.
The notification is delivered both via Web-GUI and via web service transactions during the 30 day period before the current password expires.
Password Validity This parameter defines the number of days a password is valid. The password validity for the UK MVS has been set to 365 days – meaning that after 365 days the new password will need to be changed again.
This is longer than may be expected for a user password but in our situation normal access to the UK MVS is system-to-system so regularly changing passwords will present an unreasonable overhead for end user system administration. This longer cycle is deemed acceptable given that multi-factor authentication is enforced, i.e. the requirement for a certificate.