Secure File Upload
When a new file is uploaded into Safefood360°, it is scanned by Microsoft Virus Defender. Files may be uploaded to Safefood360° in many ways, including:
- 'Actions>Add Attachment' Button in a Record, e.g. Pre-Assessment, Full Assessment, Supplier Audit, Supplier Corrective Action, etc.
- 'Attach/Add Link' Button in a Risk Assessment, e.g. Risk Assessment Absence of Control, Risk Assessment Presence of Control, etc.
- 'Add File' Button in a Doclist, e.g. Pre-Assessment, Full Assessment, Supplier Audit, or in a Supplier Corrective Action.
- 'Replace' Button in a Document Review Record.
File Scan
When you have attached a file and click to upload said file, a pop-up screen will appear informing you that the file is being uploaded. During this upload, the file is being scanned by Microsoft Virus Defender. You must wait until the scan is completed before moving off the page.
Image: Scanning Pop-Up
File Scan Success and Failure
If a file scan fails, the file is removed from where it was originally uploaded. However, the file name will remain visible, along with the text '[Removed by Virus Scan]'. The file can not be downloaded or previewed from here.
Image: Example of Successful File Scan and Failed File Scan in Pre-Assessment
Notifications to User and Audit Log Entry
An automatic system email notification is generated to the User who adds a file that has been rejected by the virus scan. The email will contain a message that the file has been removed, with a link to the corresponding Record. Therefore, if a Supplier has attached a file that fails the virus scan, they will receive an email notifying them of this failure. An action is also populated in the 'My Actions' tab on the Main Dashboard of the User who uploaded the file.
Image: Automatic System Email Notification
Any uploaded files that fail the virus scan check is removed from the site and a corresponding Audit Log entry is recorded on the Record to indicate this. This allows Users to have an explicit trail or log of when and how a file has been removed from the application.
Image: Automatic Audit Log Entry
File Type Validation
When any new file is uploaded to a Safefood360° site at any location, it is first validated based on file type against a file type white list. Where the uploaded file type matches a file type on the file type whitelist, the file is allowed to be attached.
Whitelisted File Types:
- Document:.doc, .docx, .txt, .rtf, .odt
- Excel:.xls, .xlsx, .csv, .ods
- PDF:.pdf
- Powerpoint:.ppt, .pptx, .odp
- Images:.bmp, gif, .jpg, .jpeg, .mac, .png, .psd, .psp, .tif, .tiff
- HTML:.htm, .html,
- Email:.msg
- Visio:.vsdx, .vsd
- Publisher:.pub
When the uploaded file type does not match a file type on the file type whitelist, the file is not allowed to be attached and a message is displayed to the User prompting them to upload another file.
Image: File Type Error
The allowable file size is restricted to 30MB. Files cannot be attached when the file size exceeds the allowable limit of 30MB. If a User attaches a file exceeding the size, a notification pops up to let them know the file exceeds the limit and to upload the file in an alternative format.
Image: File Size Error
