OPEX System


OPEX

Operational Excellence


1. System Philosophy:

Less is more.
Provide the standard tools used in the Toyota Production System in a single interface that is lean and standardised, and that not only complies with but embraces the goals of ISO 9001/45001 to efficiently remove safety and quality risks to production.

Encourage engagement by removing the obstacles to engagement.

Provide a demonstrable path to decision making and remove the opportunity for deviations.

2. Security & Authority Architecture

The system utilizes a "Three-Key" security model to determine access. For a user to interact with data, they must pass three distinct gates:

A. The Permission Matrix ("The What")

Located in the user_permissions_matrix, this defines which actions a user can perform. Permissions are granular and category-specific (e.g., a user might have create_safety but not close_safety).

B. The Site Scope ("The Where")

Located in user_access_scopes, this defines the geographic boundaries of a user.

Global Users: Can see all data across all sites.

Scoped Users: Are restricted to specific Sites or even specific Departments within those sites.
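
A server-side check of the two gates listed above (the page names three but describes only these two), as an added example that is not the OPEX system's own code. Only the table names user_permissions_matrix and user_access_scopes and the permission names create_safety and close_safety come from the page; the column names, the function canPerform and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper. Column names are assumed; only the table names are from the page.
function canPerform(PDO $db, int $userId, string $permission, int $siteId, ?int $deptId): bool
{
    // Gate A ("The What"): is the action granted in the permission matrix?
    $what = $db->prepare(
        'SELECT 1 FROM user_permissions_matrix
          WHERE user_id = :u AND permission_key = :p AND granted = 1'
    );
    $what->execute([':u' => $userId, ':p' => $permission]);
    if ($what->fetchColumn() === false) {
        return false; // deny by default: a missing row is treated like a refusal
    }

    // Gate B ("The Where"): global scope, whole-site scope, or a matching department.
    // A NULL department_id in a scope row is assumed to mean "the whole site".
    $where = $db->prepare(
        'SELECT 1 FROM user_access_scopes
          WHERE user_id = :u
            AND (is_global = 1
                 OR (site_id = :s AND (department_id IS NULL OR department_id = :d)))'
    );
    $where->execute([':u' => $userId, ':s' => $siteId, ':d' => $deptId]);
    return $where->fetchColumn() !== false;
}

// Constructed in-memory schema and sample rows so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_permissions_matrix
           (user_id INTEGER, permission_key TEXT, granted INTEGER)');
$db->exec('CREATE TABLE user_access_scopes
           (user_id INTEGER, is_global INTEGER, site_id INTEGER, department_id INTEGER)');
// User 7: may create but not close safety initiatives, scoped to site 2, department 5.
$db->exec("INSERT INTO user_permissions_matrix VALUES
           (7, 'create_safety', 1), (7, 'close_safety', 0)");
$db->exec('INSERT INTO user_access_scopes VALUES (7, 0, 2, 5)');

var_dump(canPerform($db, 7, 'create_safety', 2, 5)); // same site and department
var_dump(canPerform($db, 7, 'close_safety', 2, 5));  // permission row has granted = 0
var_dump(canPerform($db, 7, 'create_safety', 3, 5)); // different site
var_dump(canPerform($db, 7, 'create_safety', 2, 9)); // different department
```

Running a check like this in every request handler, and not only when building menus, means a crafted request is refused even for an action whose button is hidden.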

3. Accountability & Data Logging

The tool is designed for high-stakes environments where ISO 9001/45001 compliance is required and an audit trail is non-negotiable.

Detailed Change Logging: Using a verbose Audit Engine, the system compares the "Old Data" to the "New Data" every time a record is saved. It logs exactly which field changed, who changed it, and what the value was before and after.

Soft Deletion: Data is never permanently purged from the database via the UI. When a record is "deleted," it is marked with an is_deleted flag and a deleted_by_user_id stamp. This ensures that accidental or malicious deletions can be recovered.

Hashed File Storage: Uploaded evidence (photos/documents) is renamed using unique cryptographic hashes. This prevents file-name collisions and secures the physical storage directory.

4. User Management & Hierarchy

The tool mirrors the organizational structure of the business:

Designated Closers: Every user is linked to a supervisor (Designated Closer). When a standard user completes a task, the system automatically routes the initiative to their supervisor's dashboard for verification.

Job Titles & Departments: Users are mapped to specific Job Titles and Departments, allowing for automated reporting and KPI filtering by business unit.

5. The Permissions Dictionary (permissions_list)

To ensure the system is robust and easy to maintain, it uses a Dynamic Dictionary approach.

Instead of hardcoding "Manager" or "User" roles into the code, the system looks up actions in the permissions_list table.

Scalability: If you add a new initiative type (e.g., "Sustainability"), you simply add it to the dictionary. The system will automatically generate the required create_sustainability, view_sustainability, and close_sustainability permissions without requiring a developer to rewrite the security logic.

6. Dashboard & Transparency

The Dashboard acts as the central mission control:

KPI Tiles: Real-time counts of "Active Initiatives" (Site-wide) vs. "My Tasks" (Personal).

Awaiting Verification: A dedicated section for supervisors to review pending sign-offs.

Dynamic Menus: Users only see the buttons for initiatives they are permitted to create. If you don't have the create_5s permission, the 5S button simply does not exist for you.

7. Data Robustness

Relational Integrity: The database uses strict Foreign Key constraints. This means you cannot delete a "Site" if there are still "Initiatives" linked to it, preventing "orphan data."

Input Sanitization: All user inputs are processed via PDO Prepared Statements, making the tool resilient against SQL injection attacks.