Working with a business owner who uses Shopify to sell goods online, there was a query relating to stock inventory anomalies.
The problem was that out of stock items were being put back into stock on the backend of Shopify even though the physical quantities were not available in the warehouse. It was believed that Shopify was automatically updating the stock without the knowledge of the team. Shopify customer service had been contacted with a view that they were responsible and could help resolve the situation.
As suspected Shopify couldn’t help as the inventory history indicated something else. The inventory history, clearly identified who had updated the stock, which is to be expected of such a system.
As we had an ‘ Adjusted by’ name, I thought ‘problem solved’! But I was wrong as everyone was using the same login details to access the system therefore the inventory could have been ‘adjusted by’ anyone making it totally unclear as to who was responsible for the adjustments.
In Information Security terms this was a huge problem as there were no user and access control procedures in place that could help identify who was doing what. The problem was not with the Shopify system but with who and how the system was being used.
In order to pinpoint what was happening with the stock inventory anomalies, it was agreed, with the Director and Operations Manager, that new staff profiles should be created.
By creating the new staff profiles we were able to ensure that:
- each staff member logged on using their own username and password;
- only the Director and her business partner were able to use the main user account with full permissions, and;
- staff were able to use Shopify with restricted permissions allowing them to work on the areas that require them to fulfil their roles.
Step by step guidance was given on the best way to implement the profile updates and to communicate it to the team. This was important as some users worked remotely and others on a part time basis and we didn’t want to cause disruption to the service.
The system will be monitored over the next few weeks and further actions, if any, will be carried out.