Maximizing Security in Applied Epic: Best Practices for Effectively Managing Security Groups

security groups in Applied Epic

Effective management of security groups is a critical aspect of ensuring the security and integrity of your data in Applied Epic. Security groups are a way of controlling access to different parts of the system, and as you get started in Epic, security groups are typically very basic and include a group for Servicing, Producers, HR, Accounting and Download. Have you taken the time to review your security groups to ensure that the rights delegated are appropriate? Do you have adequate groups set up based on responsibilities of your staff?

If you are feeling intimidated like most agencies do, we are here to help. In this article, we will discuss some of the best practices for managing security groups in Applied Epic to help you better protect your organization’s data.

Best practices for managing security groups in Applied Epic

1. Review existing group rights to ensure they meet job duties

Review the existing groups and the rights granted in each. Determine if the rights granted allow the staff to process work as needed. If you are reviewing rights and unsure what it might do, the Epic help file has become tremendously better at providing guidance to specifics of each right in the various areas. You can click into each area and the Permission is shown with what it enables, the implications for each and if there are related items, those are also provided.

2. Never add rights to an individual user

It is important to remember that you should never individually add rights for a user. If you add rights for one person on a user level, that configuration isn’t visible with a bird’s eye view of who has what. Create additional groups if rights are requested outside of a user’s basic group.

3. Add new users with groups identified rather than “..same rights as..” method

It is common when a new user starts for HR or an operations leader to say, “this person needs the same rights as..”. The problem here is that if an individual has rights that they may not be aware of, you are going to grant those same rights inherently and erroneously for the new employee. However, granting rights based on security groups guarantees rights based on their work duties.

4. Audit groups and users at least annually

How many employees do you hire and either promote or move within your organization to another role? It happens all the time. With these changes their responsibilities might change. Run management reports to audit who has what groups and if those groups are still appropriate or if changes need to be made.

5. Create subgroups to help with separation of duties

Does your agency have the ability to create a separation of duties in accounting? This separation of rights can help protect your agency from fraud and theft where you may otherwise be exposed. For example, create separate groups for those in your payables department from those in your receivables department and from those who get access to financials or vendor payables.

6. Consider a dual approval for security changes

Depending on the size and complexity of an agency it may be advantageous to have an approval system in place. Consider having a system admin approve and send to an operations manager for final approval before implementing any change.

7. Document, Document, Document

Add backup documentation to each change made and who requested/approved the change on the employee account. This way, there is never a question of who, when what or why.


Applied Epic is a powerful agency management system that serves as a centralized repository for critical information, including client data, policies, financials, and bank accounts. However, without establishing robust security protocols and best practices for managing security groups, you risk exposing this sensitive information to malicious actors. The importance of implementing and adhering to security guidelines cannot be overstated. By leveraging best practices like those outlined above, you can help safeguard your agency’s data and protect against potential security breaches.

If you find that you need assistance with establishing security groups or auditing existing ones, the KiteTech Agency Consulting team is here to help. Our team of Applied Epic experts can guide you through the process of setting up security groups and ensuring that they align with your agency’s needs. With our guidance, you can rest assured that your agency’s data is secure and protected against unauthorized access. Contact us today to learn more!

Picture of Laura Whaley

Laura Whaley

Agency Consultant
Kite Technology Group