The Cleaning Validation Platform is intended to provide Ecolab customers with access to sensitive product documents. Each customer is given individual access to the products enabled for them and the associated documents and information. Ensuring limited access was one of Ecolab's crucial points in this project. The Cleaning Validation Platform is characterised by an extremely complex, granular and multi-stage user group concept.
The Ecolab Cleaning Validation Platform for the Life Sciences & Pharmaceuticals division was redesigned by Marketing Factory from 2019 to 2020, and launched on the basis of TYPO3 version 9.5 LTS. The portal was already running in an outdated form on TYPO3 version 8.7, but due to legacy software, the decision was made to do a full re-installation instead of migrating it.
TYPO3 had already proved in previous years to be ideal as a content management system – not least because of its clearly defined user role concepts and extensive file management functionalities.
Version 9.5 LTS of the TYPO3 content management system was used for the launch of the Ecolab Cleaning Validation Platform. TYPO3 had already proved itself as a suitable system in the past.
Special attention was paid to user management and access rights in this project, as it is essential for Ecolab that customers only have access to files enabled for them.
The frontend was implemented on the basis of Bootstrap and the existing design was modernised.
Document search is a special feature of the Ecolab Cleaning Validation Platform. Here, users have the option of using a search screen to search for specific documents on certain products instead of having to click through the product-related download lists. We identified two document types: Certificates of Analysis and Product Information.
In this case, Solr was set up for the corresponding product line and product pages so that documents are pulled from the Fileadmin using the file path. The document search also had to respect the extensive access rights and prevent unauthorised access to sensitive product data.
An extended user administration was implemented in the platform’s frontend via a specially written TYPO3 extension based on features TYPO3 already provides to users.
TYPO3 frontend user groups are used to represent customers, to which the products, also mapped as user groups, are then assigned. Thus, several accounts (TYPO3 frontend users) can be created for each customer, which are assigned to the respective customer's TYPO3 frontend user groups and automatically give them access to the relevant products. Administrators can manage regional managers if desired (also TYPO3 frontend users).
The TYPO3 extension also provides a form for managing your own information in the frontend (self-service).
The MacoCalculator (short for MAXIMUM ALLOWABLE CARRY OVER - CALCULATION) calculates the "mathematically calculated residue level of a product previously used, which can be transferred to a patient by another product, and the potential risks that this poses for the patient". The MacoCalculator is a dynamic, 3-step form for calculating this maximum residue level.
A TYPO3 extension was developed for the mathematically calculated residue level of a product previously used, which provides a multi-level form in the frontend of the platform via a plug-in.
2FA backend authentication
To further increase the security of the TYPO3 backend and prevent unwanted access to the system, we additionally implemented 2FA backend authentication using the Google Authenticator. In addition to their existing backend login data, users also need to enter a unique code from the Google Authenticator app to access the backend.
The TYPO3 extension secure_downloads created by Leuchtfeuer Digital Marketing GmbH was installed to prevent unauthorised access to the sensitive product documents.
The extension itself provides access to files and folders via which it can check beforehand, with the help of TYPO3, if the user is logged in and if they have permission to access the respective file. The actual access to the files is blocked via the web server, so that no unauthorised downloads can take place.
There is also a module in the backend which can be used to display file access and statistics.