Configuration Guidance


Intended Audience

End Users and Software Suppliers

Date of Change

29 August 2021  (NMVS version 1.09)

Configurations

The UKNI MVS has a small number of configuration parameters that differ from the default configuration of the Arvato NMVS Blueprint system. These are as follows:

Configuration Item      Default Value  UKNI Value
Double Dispense Limit 2 3
Typographical Tolerance (for Manual Transactions) 2 5
Password Minimum Length 8 10
Password Reminder 10 days 30 days
Password Validity 90 days 365 days

Double Dispense Limit

This parameter defines the limit of how many times a distributor (e.g. wholesaler, pharmacy) can re-execute decommissions for the same pack with the same transaction type (e.g. dispense) without causing an alert. 

The value has been set to 3 for the UKNI MVS. In addition to the first decommission attempt, this allows for up to 3 additional attempts to decommission. This means that on the 5th attempt to decommission the same pack an alert will be raised (1 x successful, 3 x double transactions, then alert).

Please note: There is no time limit for the double scan counter. e.g. The first scan could be executed in January and the 5th scan in July would generate an alert.

Typographical Tolerance – Manual Transactions Only 

This parameter defines the limit of how many times a distributor can mis-type the pack details with the same transaction type (e.g. G112, G122) without causing an alert. The value has been set to 5 for the UKNI MVS. This means that on the 6th occurrence of an error an alert will be raised.

Please note: There is no time limit for the typo counter.

Password Minimum Length 

This parameter defines the minimum length (number of characters) of passwords for UKNI MVS users. For the UK this has been increased to 10 characters. This length has been set to match industry best practice on password minimum length, with anything below 10 characters being considered weak.

Password Reminder 

This parameter defines the number of days prior to the expiration of the current password that a UKNI MVS user will receive a notification. This value has been set to 30 days for the UKNI MVS.

The notification is delivered both via Web-GUI and via web service transactions during the 30 day period before the current password expires.

Password Validity 

This parameter defines the number of days a password is valid. The password validity for the UK MVS has been set to 365 days – meaning that after 365 days the new password will need to be changed again.

This is longer than may be expected for a user password but in our situation normal access to the UKNI MVS is system-to-system so regularly changing passwords will present an unreasonable overhead for end user system administration. This longer cycle is deemed acceptable given that multi-factor authentication is enforced, i.e. the requirement for a certificate.