Posted: 7/28/2016 11:59:18 PM EDT
Disclaimer: I've been kicking an idea for this in my head, so it may or may not ever come into fruition. This is more of a theoretical, should I invest time type of discovery.

In my day job I work on web applications and was wondering if an online bound book would be acceptable and attractive to FFLs. This would probably be something based on a subscription model.

So I am looking for opinions from you guys and have the following questions -

Any concerns with using an online system (assuming proper backups are done)?
I'm aware of 2013-5 & 2016-1, but are there any other regs I should know about?
How much would an FFL be willing to pay per month or annually?
Any features that would be desirable?
Any other insight that might be noteworthy?
Link Posted: 7/29/2016 12:24:51 AM EDT
[#1]
Request and read over all the ATF materials about electronic A&D records systems, to see if you'll even be able to make a system that would be in compliance.  Might involve hardcopy dumps of every single transaction at the time it's entered, or daily, etc - but you'd have to read up on the requirements to know for certain.
Link Posted: 7/29/2016 12:53:32 AM EDT
[#2]
Quoted:
Request and read over all the ATF materials about electronic A&D records systems, to see if you'll even be able to make a system that would be in compliance.  Might involve hardcopy dumps of every single transaction at the time it's entered, or daily, etc - but you'd have to read up on the requirements to know for certain.

I think that is outlined in 2016-1 -


9. The licensee must download all records from the system to a physical storage device (e.g. hard drive, Compact Disc (CD), Digital Versatile Disc (DVD), or Universal Serial Bus (USB) Flash Drive) at the licensee’s business premises, or print and maintain them at the licensee’s business premises:

a. at least semiannually; however, if the records are downloaded, from a host facility (e.g., remote server or cloud storage provider) contracted/leased by the licensee as provided in condition #9, they must be downloaded at least daily. In all cases, the records must be downloaded in a format that is unencrypted with the required information readily apparent;
b. upon request of an ATF officer (must be provided within 24 hours);
c. prior to discontinuance or change of: the software (program); the database system, whether or not maintained by a host facility (e.g., remote server or cloud storage provider); and/or the host facility (if applicable); and
d. prior to discontinuance of the licensee’s firearms business.
Link Posted: 7/29/2016 1:24:46 AM EDT
[#3]
The rulings issued are updates or clarifications to the existing regulations - to thoroughly understand them, you need to start from the basic regulations, then add on the addenda and rulings.  You should request the "Federal Firearms Regulations Reference Guide".  There's also a "Best Practices" manual available. When I first started out, they were paper, and later editions were released in electronic form on CDROM - they might be available online as PDFs now, or issued on DVD, dunno.
Link Posted: 8/2/2016 12:41:35 AM EDT
[#4]
Wow, so no one else has any thoughts on this?
Link Posted: 8/4/2016 12:45:56 PM EDT
[#5]
There are already a few companies providing an electronic bound book application for FFL's, though IIRC it's all local.

For security reasons I don't store any of my customer's private data - and IMO their firearms purchases count as part of that - anywhere except computers under my direct control.
Link Posted: 8/6/2016 11:54:38 AM EDT
[#6]
Quoted:
For security reasons I don't store any of my customer's private data - and IMO their firearms purchases count as part of that - anywhere except computers under my direct control.

That is one of the main things I was thinking of; what percentage of FFLs would not want data being kept up in the "cloud". I have an assumption that there may be a lot and then this would probably not be worth it.
Link Posted: 8/11/2016 10:18:35 PM EDT
[#7]
I think it's got legs. Especially in a redundant array.

Working in both guns and computers/security, the fear of (and penalties of) loss of data is greater than the risk of security leak.

Give me redundancy and availability along with a scalable database type proven not to go the way of the dinosaur (like the .adp), and you've got a sale.

The crossover will be gun guys that are also actually tech savvy, and aren't still the sort that believe someone "hacked in" and put all the lesbo porn on their wife's ipad.
Link Posted: 10/23/2016 12:08:49 AM EDT
[#8]
Quoted:
Disclaimer: I've been kicking an idea for this in my head, so it may or may not ever come into fruition. This is more of a theoretical, should I invest time type of discovery.

In my day job I work on web applications and was wondering if an online bound book would be acceptable and attractive to FFLs. This would probably be something based on a subscription model.

So I am looking for opinions from you guys and have the following questions -

Any concerns with using an online system (assuming proper backups are done)?
I'm aware of 2013-5 & 2016-1, but are there any other regs I should know about?
How much would an FFL be willing to pay per month or annually?
Any features that would be desirable?
Any other insight that might be noteworthy?



If I understand you correctly, I think Gun Store Master has already done what you are trying to do. I have the electronic Bound Book and it has an offline backup that syncs throughout the day. If I ever need it I have a backup that I can access even if the net is down. And of course I use a hard drive backup that is used every few days.


Link Posted: 10/23/2016 6:30:09 AM EDT
[#9]
There's few who already do this. And I think few of them are actual ffls. Not that your idea is bad but competition wise you might have a problem. If I recall correctly one of the companies was charging like $25 a month or so for an average FFL. And like $12 I think for more of a lower volume home based type FFL.

Just a thought. Me personally I went with an excel doc and have it backed up automatically to 2 separate cloud sources and plan to print out on a periodic basis as required.

It seems like most of the online or software based has some kind of association with an FFL or manufacturer etc.
Link Posted: 10/24/2016 5:07:28 PM EDT
[#10]
If you have it cloud based you would still need to have a local copy of it. What if some major internet outage occurred right before the ATF was to be onsite for an inspection?
Link Posted: 10/24/2016 5:41:31 PM EDT
[#11]
A couple of downsides to this....

1) If it's cloud-based, what's to stop the ATF from obtaining the files to make copies for their own agendas (beyond the scope of an audit)?  If they're reading the files online they can make copies & mine the data.

2) Could this also be hacked?  Some gun-hating jerk breaking in to see who you're selling to, so they can access the buyers' information & harass them?
Or - perhaps even worse - to alter your online books to make it look like you sold a gun to Bin Laden etc?

Link Posted: 10/24/2016 6:57:30 PM EDT
[#12]
Quoted:
If you have it cloud based you would still need to have a local copy of it. What if some major internet outage occurred right before the ATF was to be onsite for an inspection?



GunstoreMaster In Store provides this function right out of the box.
Link Posted: 10/25/2016 10:46:52 PM EDT
[#13]
Quoted:
1) If it's cloud-based, what's to stop the ATF from obtaining the files to make copies for their own agendas (beyond the scope of an audit)?

The 4th amendment.

Quoted:
2) Could this also be hacked?  Some gun-hating jerk breaking in to see who you're selling to, so they can access the buyers' information & harass them?
Or - perhaps even worse - to alter your online books to make it look like you sold a gun to Bin Laden etc?

That is why good development practices are a must. Also part of the plan would also be to get security penetration testing done to the app. It's expensive but you will find out real quick if you have any gaping holes in the app. Then as a last ditch there will also be regular backups.

I'd worry more about the IT security of various small business including gun stores. Many non tech-savvy people have infected computers and don't know it. Retail quality anti-virus is a joke so there is no relief there.
Link Posted: 10/25/2016 11:22:47 PM EDT
[#14]
Quoted:
If you have it cloud based you would still need to have a local copy of it. What if some major internet outage occurred right before the ATF was to be onsite for an inspection?

Looking at 2016-1 it looks like having a local text file would be good enough. Any system could just email a download link at the required interval.

As far as a "major internet outage", with it being available online you could simply go to where another internet connection is available since it is an online system. With one of those locally installed software programs there is a greater risk that the one computer it is installed on could be broken.

Link Posted: 11/22/2016 7:16:33 PM EDT
[#15]
Look at Fastbound.  See if you can beat what they already do.  Go for it.

Jeff
Link Posted: 11/22/2016 7:41:47 PM EDT
[#16]
Quoted:
Wow, so no one else has any thoughts on this?


There is no way I would put customer's info at risk (and thus myself) by putting them online.
Link Posted: 11/24/2016 12:19:12 PM EDT
[#17]
Quoted:
There is no way I would put customer's info at risk (and thus myself) by putting them online.

One of the major hurdles to overcome is concerns like this.
Link Posted: 12/21/2016 10:24:38 PM EDT
[#18]
As someone that is developing this exact thing, the toughest part is partitioning the database from one licensee to another. We have several choices (cloud services) on market today but a lot of them don't actually partition the database but use one large database and assign the row to the login. That isn't actually how the ATF wants it. Everything else is easy peasy, you should also run a redundant backup like a disaster recovery hosted on a different platform. Remember (you probably already know this) these records are vital to the FFL so redundancy is very important. They must also print/download/save the data semiannually if hosted locally and daily if in the "cloud". Also if you change hosting facility you must notify the licensee so they can notify their local ATF office. Developing everything else is fairly straight forward as you already know, good luck in your endeavors.
Link Posted: 12/21/2016 10:30:26 PM EDT
[#19]
Quoted:
One of the major hurdles to overcome is concerns like this.



99% of the Cloud solutions on the market today for enterprise use goes above the standard of HIPAA Security Rules, your customers' data is as safe as ever. But I do understand where everyone that is unsettled by the idea of placing your records/client data within the cloud, so I don't blame anyone for not utilizing it.
Link Posted: 12/21/2016 10:32:01 PM EDT
[#20]
Quoted:
Looking at 2016-1 it looks like having a local text file would be good enough. Any system could just email a download link at the required interval.

As far as a "major internet outage", with it being available online you could simply go to where another internet connection is available since it is an online system. With one of those locally installed software programs there is a greater risk that the one computer it is installed on could be broken.



THIS X1000000

Your data, records, information, etc. is more vulnerable being stored on your hardware (computer, etc.) than it is in the cloud.
Link Posted: 12/23/2016 3:39:33 AM EDT
[#21]
Quoted:
As someone that is developing this exact thing, the toughest part is partitioning the database from one licensee to another. We have several choices (cloud services) on market today but a lot of them don't actually partition the database but use one large database and assign the row to the login. That isn't actually how the ATF wants it. Everything else is easy peasy, you should also run a redundant backup like a disaster recovery hosted on a different platform. Remember (you probably already know this) these records are vital to the FFL so redundancy is very important. They must also print/download/save the data semiannually if hosted locally and daily if in the "cloud". Also if you change hosting facility you must notify the licensee so they can notify their local ATF office. Developing everything else is fairly straight forward as you already know, good luck in your endeavors.

CREATE DATABASE customer1;
CREATE DATABASE customer2;
Link Posted: 12/23/2016 12:47:05 PM EDT
[#22]
Quoted:
CREATE DATABASE customer1;
CREATE DATABASE customer2;


Yes, I think it was tough for me because the original system we were going to use didn't allow it to work that way but instead created one big storage then stored all the data within it.

Edit* I mean I guess if we really tried hard enough we could have done it, but we went with another storage that would have been easier to develop and scale with.
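
The database-per-licensee layout from posts #18 and #21, together with a plain unencrypted export of the kind the quoted 2016-1 condition describes, as an added example that is not from any poster or vendor in this thread. It assumes SQLite with one file per licensee; the `LicenseeStore` class, column names and sample rows are hypothetical.

```python
import csv, io, re, sqlite3, tempfile
from contextlib import closing
from pathlib import Path

# Hypothetical columns for illustration, not the full set a bound book requires.
COLUMNS = ("acquired_on", "manufacturer", "model", "serial")
SCHEMA = ("CREATE TABLE IF NOT EXISTS bound_book (id INTEGER PRIMARY KEY, "
          + ", ".join(f"{c} TEXT NOT NULL" for c in COLUMNS) + ")")
LICENSEE_ID = re.compile(r"[a-z0-9_]{1,32}")

class LicenseeStore:
    """One SQLite file per licensee, so the connection is the isolation boundary."""

    def __init__(self, root):
        self.root = Path(root)

    def _connect(self, licensee_id):
        # The id becomes a file name: allow-list it so it cannot escape root.
        if not LICENSEE_ID.fullmatch(licensee_id):
            raise ValueError(f"invalid licensee id: {licensee_id!r}")
        conn = sqlite3.connect(self.root / f"{licensee_id}.db")
        conn.execute(SCHEMA)
        return conn

    def add_entry(self, licensee_id, acquired_on, manufacturer, model, serial):
        with closing(self._connect(licensee_id)) as conn, conn:
            conn.execute("INSERT INTO bound_book (acquired_on, manufacturer, model, "
                         "serial) VALUES (?, ?, ?, ?)",
                         (acquired_on, manufacturer, model, serial))

    def entries(self, licensee_id):
        # No tenant filter to forget: other licensees' rows are not in this
        # database at all, unlike a shared table keyed by login.
        with closing(self._connect(licensee_id)) as conn:
            return conn.execute("SELECT acquired_on, manufacturer, model, serial "
                                "FROM bound_book ORDER BY id").fetchall()

    def export_csv(self, licensee_id):
        """Plain, unencrypted CSV of one licensee's records for the local copy."""
        out = io.StringIO()
        writer = csv.writer(out, lineterminator="\n")
        writer.writerow(COLUMNS)
        writer.writerows(self.entries(licensee_id))
        return out.getvalue()

def demo():
    store = LicenseeStore(tempfile.mkdtemp())  # constructed sample rows below
    store.add_entry("customer1", "2016-12-01", "ExampleCo", "Model A", "SN-0001")
    store.add_entry("customer2", "2016-12-02", "SampleArms", "Model B", "SN-0002")
    return store.entries("customer1"), store.export_csv("customer2")
```
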