What’s new

Sep 2020 - version 7.0.1

A minor update to fix a couple of issues to do with trials hosted on remote hosts.

Jul 2020 - version 7.0.0

Trials summary page

Trials are now shown on different tabs by environment (all, live, staging). Only new trials will appear in more than one environment. Existing trials still require the user to log in to the live or staging environment separately.

All roles associated with selected user accounts on the users page can be suspended or activated. A badge is shown next to inactive accounts (those that haven’t logged in for more than 6 months). This makes it easier to suspend all access for staff that have left or are no longer involved in an organisation’s trials.

Multiple selected roles for a trial can be suspended or activated at once. This is useful at the end of a trial to suspend access to all investigators for instance.

Notification accounts can be created for multiple sites. Previously it was only possible to receive notifications for all sites or one chosen site.

Invitation to new role

Users are now invited to new roles when they already have an account. They no longer have access or receive notification emails until they have accepted the invitation. They can also choose to decline invitations.

Tables showing user accounts and roles can now be downloaded as CSV or Excel files.

We no longer allow a duplicate role to be created for a user and we removed the site selection control from the statistician role as this was ignored by data downloads. We removed the general link to our website in password reset emails to avoid users getting confused about which link to click to reset their password.

Jul 2019 - version 6.3.1

Fixed an issue that could cause an error on the My Account page when the browser agent string was not recognised.

Validation certificates

We now produce a validation certificate for each release. This confirms the software was produced according to our SOPs and has passed all of our internal testing procedures.

March 2019 - version 6.3.0

We changed the way we check for whether the user’s browsers has cookies enabled. Cookies are required to be able to log in.

November 2018 - version 6.2.2

Fix for an intermittent problem with the password strength meter always showing the entered password was weak.

September 2018 - version 6.2.1

A minor update to help with testing subject entered forms.

July 2018 - version 6.2.0

The location information associated with your IP address has been updated to show a country flag 🇬🇧 and the name of your internet service provider (ISP). For those of you who work at large organisations the location shown is often related to the ISP rather than you.

Mobile numbers and security codes are now redacted when an administrator views the audit log.

June 2018 - version 6.1.0

A timezone setting has been added to user accounts so you can see times in the Access interface (such as times of your recent log ins) in your own timezone.

Some people were getting the test and live environments mixed up. A warning is now shown on the log in page for test systems to hopefully reduce confusion.

Some tweaks were made to the security code text messages for compatibility with North American mobile networks.


March 2018 - version 6.0.0

This update is all about security, making it easier for you to keep your account secure and recover from that common modern affliction – forgotten passwords.

Forgot password screen

You can now recover your own password using the Forgot your password? link on the log in page, provided you have added a back-up email or mobile phone number to your account to receive security codes. If you haven’t done this you can still ask an administrator to reset it for you.

We’ve added a help page on ways you can keep your account secure. Check it out for some hopefully helpful advice.

No more forced password changes (maybe)

Security guidance has finally caught up with common sense and heavy-weight bodies such as NIST in the US and the UK Government now advise against periodic enforced password changes. Why? Because making passwords expire means people tend to forget their new passwords, pick simple variations on their previous password, and are more likely to write them down on a sticky note.

Unfortunately some standards such as 21 CFR Part 11 contain requirements to enforce regular password changes, and so we have made this a trial level setting. We’ll be asking customers whether they need to enforce regular password changes when we set up new trials. Customers can also ask us to turn off enforced changes for existing trials.

Watch over your account

Globe

We’ve added a recent log ins section to the My account page which shows where and when you logged in from. If you think something suspicious is going on, this is the first place to check. We also show you the last time you logged in when you log in.

We now send you emails when things change concerning your account including:

  • Changed account information
  • Changed password
  • Account suspension because of too many failed log in attempts

If you see any of these emails when you weren’t expecting them, you should channel your inner Sherlock and investigate.

Other changes and bug fixes

  • Older versions of Access are being retired and user accounts will be migrated to the latest version. We’ll be in touch with customers affected by this change with more details.
  • We’ve refreshed the way Access looks, and reduced the space each trial takes up on the trials summary page
  • Search added to the trials summary page when there are more than 3 trials. Pagination added with 12 trials per page.
  • User’s can now change their own name (an administrator had to do it before)
  • Deleted roles and notification accounts are now shown in the audit log
  • The dictionary used to check for weak passwords has been interfrastically updated
  • Invitation links are now sent to new users rather than passwords. Invitations expire after 2 weeks but can be renewed by administrators or cancelled.
  • Subject entered forms invitation links now always take the user to a welcome screen with a button to start the survey (previously this screen was only shown if a memorable word was set). This prevents issues with email previews or virus checkers visiting links and inadvertently logging in as a subject.
  • A subject who has logged out after entering forms is shown a finished message and no longer shown the usual user log in page if they try to visit a protected page
  • Log in throttling should help prevent bad guys from trying automated password guessing to break into accounts
  • We fixed an issue for users with longer timeout intervals for their trials. Access now also respects these longer timeout intervals so you can enjoy being logged in for longer.
Page updated 25 Aug 2020