App for a Smartphone or Ipad to Scan Barcodes and Enter Into MyOps...?

Started by Luis R. Ramos, May 26, 2016, 06:56:32 PM

0 Members and 1 Guest are viewing this topic.

Luis R. Ramos

I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?
Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

RogueLeader

No.  OpsQuals and WIMRS are closed systems, and do not allow for outside aps to access the system.

There was one for the olde WIMRS 1.0, proflight or some such, but not workable for the system as it stands. 

As you need to verify which Facility, Gear, duty assignment, emergency contact info, etc, just scanning the barcode into WIMRS isn't going to save you much time at all.
WYWG DP

GRW 3340

Check Pilot/Tow Pilot

Quote from: RogueLeader on May 26, 2016, 07:14:11 PM
No.  OpsQuals and WIMRS are closed systems, and do not allow for outside aps to access the system.

There was one for the olde WIMRS 1.0, proflight or some such, but not workable for the system as it stands. 

As you need to verify which Facility, Gear, duty assignment, emergency contact info, etc, just scanning the barcode into WIMRS isn't going to save you much time at all.

While you are correct that WMIRS is a closed system all you are doing here is scanning a Barcode or QRcode and inputting that into a Form.

Standby for solution without a lot of documentation :)

Check Pilot/Tow Pilot

Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, login into WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the members details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.

Holding Pattern

Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, login into WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the members details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Check Pilot/Tow Pilot

Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, login into WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon"
8. Scan your first CAPID using the iOS devices camera.
9. Review the members details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, login into WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the members details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Use it or not, I don't care.

Phil Hirons, Jr.

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

AKA Drag e-services into the 2000's.

With a proper API members would create apps like this.

Angus

Well if you're going to use the scanner app for entering purposes to ensure no typos, you can by a barcode scanner online.  I use one at work, granted all you'll get is the Member's ID number but it's a start.
Maj. Richard J. Walsh, Jr.
Director Education & Training MAWG 
 Gill Robb Wilson #4030

JeffDG

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

Holding Pattern

Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

JeffDG

Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.
That's what an API permits.

Once you publish an API, then anyone, vetted or not, can send and retrieve data via that API.  It's simply a matter of the user authenticating.  You cannot both publish an API and vet programs.

Brad

Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservcies web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.
Brad Lee
Maj, CAP
Assistant Deputy Chief of Staff, Communications
Mid-Atlantic Region
K4RMN

RogueLeader

Quote from: JeffDG on May 27, 2016, 01:17:18 AM
The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

You do realize that there are only about 80ish paid members at NHQ, don't you?  The rest of the staff are the same unpaid professionals that both you and I am.
WYWG DP

GRW 3340

kwe1009

Quote from: Brad on May 27, 2016, 11:55:31 AM
Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservcies web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.

Agreed.  A barcode scanner is just an input device like a mouse or keyboard.  There is zero PII that can be pulled off of the CAPID barcode. 

Holding Pattern

Quote from: Brad on May 27, 2016, 11:55:31 AM
Quote from: Starfleet Auxiliary on May 27, 2016, 09:35:08 AM
Quote from: JeffDG on May 27, 2016, 01:17:18 AM
Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.
Well, we allow unaudited systems (members) access to WMIRS all the time.  An API would simply let members optimize their effort and enter things once instead of the 8 different places WMIRS wants the same info.

And the "you can't do that on a .gov" is a complete myth.  Lots of .govs have APIs that allow 3rd party software to access.  The folks at NHQ are more afraid that unpaid professionals will show them up and make systems that actually work that they have been unable to do.

I'm not arguing against APIs. I'm arguing against using unvetted programs to enter data into .gov networks.

Note that members have gone through an FBI check. Random iOS developer has not.

eServices and its sub programs getting an API would be awesome.

I agree it would be awesome, although I'm just trying to figure out what the difference is between using an app on a phone to scan in a barcode vs typing it in manually via the same phone on the same eservcies web page. I just scanned both barcodes on my CAP ID card and all it gives me is my CAP ID, nothing to associate that with my name. So unless the concern is that the app is secretly data-mining the returned information AFTER the CAP ID is submitted on eservices/WMIRS....well aside from it being an understandable concern, that tells me that it is a security issue that needs to be addressed on the eservices/WMIRS side as much as on the side of the developer whose app is piping processed HTML data into their app, which is the same as an end-user simply right-clicking and choosing "View Source" after a record is pulled.

The app in question has access to the webpage.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 26, 2016, 08:54:18 PM
Quote from: Mission/Tow Pilot on May 26, 2016, 08:05:05 PM
Quote from: Luis R. Ramos on May 26, 2016, 06:56:32 PM
I am not sure I am posting this in the correct area... Should have I loaded this into Tools of the Trade?

Does anyone know of an app to be loaded into a computer that will take a barcode scan and send it into MyOps directly? Or WMIRS?

Or failing that, whether there is an app that can be loaded into a smart phone or iPad, that will read the barcode of the CAPID and send it to WMIRS so we do not have to enter personnel by hand?

Here is what I am hoping to do.

I will be MSA at a training exercise, and was hoping that at sign in people present their CAPIDs. Instead of using regular barcode scanners which we do not have at the moment, if we could use cellphones or IPads to scan their IDs as they arrive.

Does anyone know of such an use?

Solution that took me 30 minutes to find and configure as follows:

1. On iOS, get the BerryWing Scan to Web
2. Pay $2.99
3. In the configuration (Select Gear) set these options:
a. Set the HomePage URL to https://www.capnhq.gov/WMIRS/Resources/MissionResources.aspx?show=personnel
b. In the default configuration the app should scan the barcode on the back. If you want to scan the front QRCode select DataMatrix, and for the Barcode on the back select Code 39, or just select all of the formats.
c. Select HTML Forms "Off", and Scan Suffix should be "Submit on Scan"
4. Restart the app, login into WMIRS
5. Select your Mission
6. In the Sign In/Sign Out screen select "Sign In New Personnel"
7. When in the "Personnel Sign In" screen select the "Scan Icon" and scan your first CAPID.
8. Review the members details and if correct, select "Sign-in".

This may save time on larger exercises. Let us know if it works and you think it saves time.
9. Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure

If/When CAP gets an API for WMIRS, that will be acceptable, but you really really shouldn't use web scrapers/fillers to put in potentially sensitive/PII into anything unless it has been vetted.

Show me the regulation the prohibits this.

Holding Pattern

#17
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation the prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation the prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just your opinion and you should just state that instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.




Holding Pattern

#19
Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation the prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just you opinion and you should just state it instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

If you want to continue espousing unsafe practices, I'll call you out on it regardless of regulation. Both of those articles explain the risks involved. Un-audited applications accessing our systems expose our systems to risk. This is information security 101.

Knowing this doesn't require being an IT officer or working in IT. Just watching the recent hacks in action should be enough.