SecurMed

The UKNI MVS has a small number of configuration parameters that differ from the default configuration of the Arvato NMVS Blueprint system. These are as follows:

This parameter defines the limit of how many times a distributor (e.g. wholesaler, pharmacy) can re-execute decommissions for the same pack with the same transaction type (e.g. dispense) without causing an alert. 

The value has been set to 3 for the UKNI MVS. In addition to the first decommission attempt, this allows for up to 3 additional attempts to decommission. This means that on the 5th attempt to decommission the same pack an alert will be raised (1 x successful, 3 x double transactions, then alert).

This parameter defines the limit of how many times a distributor can mis-type the pack details with the same transaction type (e.g. G112, G122) without causing an alert. The value has been set to 5 for the UKNI MVS. This means that on the 6th occurrence of an error an alert will be raised.

Please note: There is no time limit for the typo counter.

This parameter defines the minimum length (number of characters) of passwords for UKNI MVS users. For the UK this has been increased to 10 characters. This length has been set to match industry best practice on password minimum length, with anything below 10 characters being considered weak.

This parameter defines the number of days prior to the expiration of the current password that a UKNI MVS user will receive a notification. This value has been set to 30 days for the UKNI MVS.

The notification is delivered both via Web-GUI and via web service transactions during the 30 day period before the current password expires.

This parameter defines the number of days a password is valid. The password validity for the UK MVS has been set to 365 days – meaning that after 365 days the new password will need to be changed again.

This is longer than may be expected for a user password but in our situation normal access to the UKNI MVS is system-to-system so regularly changing passwords will present an unreasonable overhead for end user system administration. This longer cycle is deemed acceptable given that multi-factor authentication is enforced, i.e. the requirement for a certificate.