ID Card Issuing Process/Photo uploading, Application terminal IP restriction

Reissue of ID cards(Suppose address, name or assignment changes)

Summary

 * For an individual, a company, a university or an official body, etc. reissues an "identification card attached a photo (an ID card)".


 * Address, name or assignment changes are expected regardless of loss.
 * A numeric password (PIN: personal identification number) is registered in the ID card.


 * In the organization itself, ID card issuing machines produce cards.

People in charge of the process (Participants)

 * ID card recipient: any-section@company.com
 * Superior of the ID card recipient: any-section-leader@company.com
 * Located service desk: service-desk@company.com
 * ID card issuing center:　id-center@company.com

Process Owner
The director of the personnel department is considered as responsible for "Process model improvement", "Process risk management" or "Grasp of the realities" although s/he does not take part in the process as a Participant.
 * Director of the personnel department

In some organizations, the whole "ID card issuing center" is outsourced, and the personnel department does not take part in it at all.

Possible Risks

 * Unauthorized issue by spoofing: by stealing personal details, a third party illegally issues an ID card.
 * Unauthorized issue by an internal person: a clerk illegally issues an additional card.
 * Arrival failure because of a steal: a third party intentionally steals the card, and it does not arrive at the recipient.
 * PIN leakage: the PIN leaks to a third party.
 * Delay: piling up in the middle of the office work.

Details

 * If necessary, suspending the authorities given with the issued ID card (e.g., entering/leaving a room).


 * Requiring written reasons for reissuing (playing a role as a written apology) and a photo (JPEG/PNG).


 * E-mail notification telling the date and place for receiving the card.


 * Handing after a face-to-face authentication.

Diagram
digraph TMPG { graph [size="10,15", rankdir=LR]; node [shape=box, style=rounded]; edge [labelfloat=true];

subgraph clusterAA { subgraph clusterA { labeljust=l; label="any-section@company.com (ID card recipient)"; AS [label="", shape=circle, width="0.3"]; A1 [label="A1: Reissue\nSelf-application"]; A2 [label="A2:Completing a written apology\nEntering photo data"]; Am [label="Am:Notification\nE-mail", shape=ellipse, style=dotted];

AS -> A1 ; A1 -> A2 [arrowtail=odiamond, label="(any case)",weight=10]; A2 -> Am [style=invis,weight=10,minlen=2]; }

subgraph clusterL { labeljust=l; label="any-section-leader@company.com (Superior of the ID card recipient)"; Lm [label="Lm:Suspension telling\nE-mail", shape=ellipse, style=dotted]; L1 [label="L1:Approval"];

Lm -> L1 [style=invis]; }

A1 -> Lm [arrowhead=onormal, style=dotted];

}//endof AA

subgraph clusterS { labeljust=l; label="servise-desk@company.com (Located service desk)"; SS [label="", shape=circle, width="0.3"]; S1 [label="S1:Reissue\nProxy application"]; S2 [label="S2:Face-to-face authentication\nHanding"]; SE [label="", shape=circle, width="0.3", style=bold];

SS -> S1 ; S1 -> S2 [style=invis, minlen=4]; S2 -> SE ; }

subgraph clusterII { labeljust=l; label="(Double-check/Mutual check)"; subgraph clusterI { labeljust=l; label="id-center@company.com\n (ID card issuing center)"; I1 [label="I1:Card function\nSuspension task"]; IE2 [label="", shape=circle, width="0.3", style=bold]; I2 [label="I2:\nApplication contents confirmation"]; I3 [label="I3:\nRegistered mail"]; IE [label="", shape=circle, width="0.3", style=bold];

I1 -> IE2; IE2 -> I2 [style=invis,weight=10]; I2 -> I3 [style=invis,weight=10]; I3 -> IE; }

subgraph clusteri { labeljust=l; label="id-center@company.com"; i1 [label="i1:ID card issuing"]; }

I1 -> i1 [style=invis]; }//endof II

A1 -> I1 [arrowtail=odiamond, label="Urgent\nSuspension", tailport=s,headport=w]; S1 -> I1 [arrowtail=odiamond, tailport=s,headport=w]; S1 -> A2 [arrowtail=odiamond, headlabel="(any case)\n.", tailport=e]; A2 -> L1 [tailport=e]; A2 -> L1 [dir=back, arrowtail=normal, arrowhead=odiamond, taillabel="\nNG", tailport=s,headport=w]; A2 -> I2 [dir=back, arrowtail=normal, arrowhead=odiamond, tailport=s,headport=w]; A2 -> i1 [dir=back, arrowtail=normal, arrowhead=odiamond, tailport=s,headport=w]; L1 -> I2 -> i1 -> S2 [arrowtail=rcrowlvee]; i1 -> Am -> S2 [arrowhead=onormal, style=dotted]; i1 -> I3 [arrowtail=odiamond, headlabel="\nRemote correspondence", tailport=e,headport=s];

S1 -> {Lm L1} [style=invis,weight=100]; S1 -> I1 -> S2 [style=invis,weight=100]; }

Data
In the following table, it is assumed that the UID and the recipient employee numbers* are related in a ration of “1 to N”. In other cases, the recipient employee number is not required.
 * E.g., an employee number includes the assignment section code.