Unauthorized access
Overview
If an unauthorised party manages to authenticate against Flinn, or otherwise reach data they should not see, the confidentiality and integrity of regulatory work can be compromised. This can lead to data theft, undetected modifications and downstream non-compliance.
Hazardous situation: Unauthorised changes or data theft occur because a user without appropriate rights gains access to sensitive regulatory data.
How we mitigate unauthorised access
- Identity-bound access control. Each user is mapped to a defined role and permission set that grants only the access required for their work. See Roles & Permissions for the model and configuration steps.
- Audit trail. Every relevant action is recorded in a tamper-resistant log. The Audit Trail supports both detection of anomalous behaviour and after-the-fact investigation.
- Personal data safeguards. Information stored in Flinn is protected by technical and organisational measures aligned with applicable regulations. See How is my personal data protected?.
- Baseline access requirements. Flinn enforces minimum software and access requirements on the client side. See What are the software setup requirements to use Flinn? and the recovery path described in I cannot access Flinn anymore, what should I do?.
- Report suspected misuse. If you observe activity you did not perform, or suspect that a credential has been compromised, Report a problem or a bug immediately or open the in-app chat — see What is the web chat?.
For related residual risks see Data breach and Privilege escalation.