Security and audit

Accountability and secure hosting foundations.

Residential care buyers and managers need confidence. ResiNotes describes security and audit at a high level here, without exposing sensitive routes, internal screens, implementation details or hosting provider names.

Trust foundations

Access, visibility and evidence preparation.

The public message is simple: the system is being shaped so the right people see the right records, and important actions leave a useful trail.

Central login

A central login route for ResiNotes users, connected to the services and homes they are authorised to access.

MFA and email OTP

Multi-factor and one-time passcode concepts support stronger account access where appropriate.

Confidentiality acknowledgement

Users can be asked to acknowledge confidentiality expectations before entering sensitive care areas.

Tenant and home selection

Users work in the correct organisation, service and home context before recording or reviewing information.

Role-based permissions

Access is shaped around roles, service responsibilities and authorised visibility.

Sensitive record restriction

Sensitive records can be separated from standard views and restricted to authorised safeguarding access.

Audit events

Important user, admin, security and record actions can be tracked to support review.

Export reason logging

Export and recall activity can ask for a reason, helping managers understand why information was produced.

Manager oversight

Managers can be given routes into review queues, late entries, restricted records and activity patterns.

Disabled user principle

Disabled users should no longer have routine access while audit history remains preserved.

Future external oversight

External oversight access is a future concept and would be manager-controlled, purposeful and limited.

High-level technical access

Developer-level access is reserved for controlled technical administration and is not described as a routine service role.

Hosting-layer protection

Security benefits around the public website and service environment.

Alongside application-level controls, ResiNotes can describe the wider hosting and infrastructure protections in plain English, without naming the provider or publishing operational detail.

SSL and HTTPS

Encrypted connections help protect information in transit between the visitor, user and service.

Backups and recovery

Routine backups support resilience and recovery if files, data or the public website need to be restored.

DDoS protection

Network-level protection helps reduce the risk of malicious traffic disrupting availability.

Firewall configuration

Firewall rules and hosting controls add a protective layer around public-facing services.

Malware scanning

Scanning helps identify suspicious or unwanted files so they can be reviewed and addressed.

Patch and maintenance support

Managed maintenance and patching concepts help reduce avoidable exposure from outdated components.

Monitoring

Service monitoring supports earlier awareness of availability, performance or security concerns.

Physical infrastructure security

Secure data centre principles add another layer of protection around the systems that host the service.

Layered protection

No single control carries the whole burden. Security is stronger when access, hosting, monitoring and audit work together.

Careful wording

Security content should build trust without publishing a map.

This page avoids route names, security screenshots and operational secrets. It focuses on principles: account control, role-based visibility, audit foundations and manager oversight.

  • No secure route screenshots used on the public site.
  • No sensitive implementation details published.
  • No promise that software alone creates compliance.
  • Clear language around oversight, evidence preparation and audit-ready foundations.