VCPBoard
Secure, Read-Only Portal for Determination Board Members
Board Member PortalContents
1. Overview
VCPBoard is a purpose-built portal within the VCPMS platform designed for determination board members — the independent voting body that reviews victim compensation claims in hybrid-decision states where claims above a statutory threshold, claims with policy-sensitive facts, or appeals of administrative decisions must be approved by a board rather than by staff alone.
Before VCPBoard, board members received printed agenda packets by courier, read case details on paper, and transcribed their votes by hand for staff to enter back into the claims system. VCPBoard replaces that workflow with a secure, audited, role-scoped read-only window into the same VCPMS data staff uses — while keeping each member's working notes strictly private.
Who Uses VCPBoard?
Board Members
Appointed members of a state's victim compensation determination board. Review upcoming dockets, drill into each claim on the agenda, and take private pre-meeting notes to prepare for deliberation.
Appeals Panel Members
Where a state seats a separate appeals panel (or where the main board hears appeals), panel members use the same portal to review VcClaimAppeal agenda items alongside regular claims.
Board Chairs & Secretaries
Chairs and board secretaries use VCPBoard to review the full historical record of decisions, look up prior rulings for consistency, and prepare meeting-minute source material.
What's on the Docket
A determination docket is the agenda for a single board meeting (or, in administrative states, a single batch of administrative decisions that the board ratifies). Each docket groups together the claims and appeals the board will consider, along with staff recommendations, supporting documentation, and public/redacted content for any open-meeting requirements.
VCPBoard shows each member the dockets they're entitled to review, in states that matter for their workflow — upcoming, in-deliberation, recently decided, and voided. Draft dockets are explicitly hidden because they represent in-progress staff assembly work that is not ready for board review.
2. Getting Started
Access to VCPBoard is by invitation only. Program staff in VCPOffice create board-member accounts through the standard user-administration flow, assigning each account the BrdUserRole static role and the BrdUser user category.
Account Provisioning
Staff Creates the Account
In VCPOffice, a user administrator clicks Add a New User → Board Member, enters the member's name and email, and saves. The account is automatically created with the BrdUserRole role assignment; no workflow permissions (create/edit/delete on claims) are granted.
Activation Email
The member receives an activation email at the address on file. Clicking the activation link lets them set their password and log in for the first time.
First Login
The member navigates to the tenant's Board Member Portal URL (for example, https://board.yourprogram.gov in production, or okvcpms.brd.localhost:4208 in a local development environment). They log in with their credentials and land on the Docket Dashboard.
Ready to Review
No further setup is required. The member immediately sees every visible docket for the tenant, scoped to the states configured for board review.
Feature Gate
VCPBoard is controlled by the tenant-level feature flag App.Brd.Enabled. Programs that don't use a board model (pure administrative states) can leave the feature disabled and the portal will not appear — even if a user somehow lands on the URL, every endpoint returns 403 Feature Not Enabled.
Authentication Security
| Security Feature | Details |
|---|---|
| Password Policy | Minimum 12 characters with complexity requirements |
| Multi-Factor Authentication | Required for all users (when enabled by administrator) |
| Password Rotation | Every 90 days; cannot reuse last 4–5 passwords |
| Session Management | Automatic timeout controls for inactive sessions |
| Connection Encryption | TLS 1.2+ encrypted connections on all portal access |
| Role Gate | Every endpoint enforces [AbpAuthorize(AppPermissions.BrdUser)] — non-board users receive 403 regardless of other permissions |
| Tenant Feature Gate | Every endpoint enforces [RequiresFeature("App.Brd.Enabled")] at the tenant level |
3. Docket Dashboard
The landing page is the Docket Dashboard — a paginated, filterable table of every determination docket in the tenant that the board has cause to see.
What Members See
Doc ID
The short name of the docket (e.g., BA-26-0007). Clicking the row opens the docket detail page.
State
Human-readable workflow state: Waiting for Decision, Recording Decision, Completed, or Voided.
Scheduled Meeting Date
Date the board meeting is (or was) scheduled for. Helps members quickly locate the current or next agenda.
Decision Date
Date the board's decision was recorded (for Completed dockets). May be the same day as the meeting or shortly after if the vote was finalized post-meeting.
Items / Appeals
Count of claims and appeals on the docket's agenda. A fast at-a-glance indicator of docket size before drilling in.
State Scoping
Search & Filtering
The search box filters dockets by short name or public content. The Include historical dockets checkbox controls whether Completed and Voided dockets are included alongside the active ones; it's on by default so members can always look up prior decisions.
Sort Order
Dockets are sorted by scheduled meeting date (descending) then by docket id (descending), so the most recently scheduled docket is always at the top.
Screenshot: Docket Dashboard — Paginated table of non-Draft dockets with state labels, scheduled meeting dates, and item counts — Available in production environment
4. Docket Detail & Agenda
Clicking a docket row opens the Docket Detail page — the central hub for reviewing a single meeting's agenda.
Docket Metadata
The top of the page summarises the docket itself:
| Field | What It Shows |
|---|---|
| State | Current workflow state (human-readable label) |
| Docket Type | Whether this is an administrative track, a full board meeting, a special session, or an emergency docket |
| Scheduled Meeting Date | Calendar date of the board meeting |
| Decision Date | Date the board's decisions were recorded (for Completed dockets) |
| Items / Appeals / Awards | Counts showing how many claims are on the agenda, how many are appeals, and how many awards were generated (for Completed dockets) |
| Votes | Members present plus tallies: votes for, against, abstained. Displays "Votes not yet recorded" when staff has not yet entered the outcome |
| Public Content | Redacted/public version of the agenda content, suitable for display in open-meeting contexts if the tenant's sunshine-law configuration requires it |
Agenda: Items and Appeals
Below the docket metadata is the agenda table — a unioned list of every claim and every appeal on this docket. Each row shows:
- Type — VcClaim for a regular claim, VcClaimAppeal for an appeal
- Doc ID — the short name of the agenda item
- Victim — claimant/victim name (where pane visibility and field redaction permit)
- Date of Crime
- State — current workflow state of the claim (e.g., PendingBoardDetermination)
Clicking any row opens the Claim View for that agenda item.
What Members Do on the Detail Page
Scan the Agenda
Get a one-page read of how many claims are on the docket, how many are appeals, and what meeting date they're assigned to.
Drill In
Click any claim or appeal row to open its Claim View with the tenant-configured panes.
Take Docket-Level Notes
Use the Private Notes section at the bottom of the page to write docket-wide observations (e.g., "Ask staff about the trend in contributory-conduct denials"), visible only to you.
Review After the Meeting
Once the docket's state is Completed, the Votes section shows the recorded tallies, and claim drill-downs pull from the immutable Award snapshot so the historical record never drifts.
Screenshot: Docket Detail — Metadata block + agenda table listing claims and appeals + private notes panel — Available in production environment
5. Claim View & Panes
Clicking an agenda item opens the Claim View, a pane-driven summary of the claim (or the claim underlying an appeal). Unlike VCPOffice's full-case screens, the Claim View shows only the sections the tenant has turned on for board review, with field-level redaction applied server-side.
Available Panes
Summary
Claim short name, workflow state, victim name and age, claimant (if different), date of crime, county, date created, last decision date and round, and any Primary/Secondary-victim and Continuance flags.
Crime Information
Date of crime, victim age at crime, county where the crime occurred, and referring agency (if tracked).
Offenders
List of offenders on the claim with short name, first/last name (subject to redaction), and relationship to victim. Count-only presentation is available via the Minimal preset.
Requested Amounts
Table of requested benefits with short name, current state, and benefit category. Count of benefit requests is shown above the table.
Supporting Documents
Top-N (up to 50) attached incoming documents with short name, category, state, and upload date. Metadata only — board members do not receive viewable copies of police reports, medical records, or other in-documents through VCPBoard.
Staff Recommendation
Initial and examiner recommendation IDs, the staff eligibility determination (Yes/No), the reason text, any primary denial reason, the state-reason enum, and the approving-staff comment.
Decision History
Current decision round and last decision date for this claim, plus a table of up to 20 prior Awards across all dockets — each row showing award short name, round, state, and source docket. Invaluable for board consistency review.
BoardViewConfig.VisibleClaimPanes inside the DeterminationDocket workitem manager config. Members can't turn panes on or off themselves.
Live Data vs. Award Snapshot
VCPBoard shows claim data through two different lenses depending on where the docket is in its lifecycle:
-
Active dockets (Waiting for Decision, Recording Decision) — the Claim View pulls live data from the current
VcClaimrecord. If staff update the claim between when the agenda is published and when the board votes, the updated data appears. -
Decided dockets (Completed, Voided) — the Claim View pulls from the immutable Award snapshot (
Award.VcClaimSnapshotJson) captured at decision time. If the live claim is later amended, the record the board actually reviewed never changes.
A small "(Award snapshot)" badge next to the claim title tells members which view they are looking at.
Field-Level Redaction
In addition to pane-level visibility, tenants configure a hidden-fields blocklist — dot-paths like victim.ssn, offender.dob, victim.homeAddress, victim.phone, and victim.email. These fields are stripped from the serialized pane data server-side before it ever leaves the API. Frontend-only hiding is explicitly not relied on; the redaction list is defence in depth.
This lets a program let its board members review who a claim is about without exposing PII that's neither needed for deliberation nor permissible to share under the state's victim-confidentiality statute.
Screenshot: Claim View — Summary + Crime Info + Offenders + Requested Amounts panes with redacted fields stripped — Available in production environment
6. Private Notes
Deliberation works best when each board member can jot down impressions, questions, and reminders as they prepare. VCPBoard gives every member a private note-taking surface attached to whatever they're looking at — a docket, a specific claim, or a specific appeal.
How Private Notes Work
Author-Only Visibility
Notes are visible only to the member who wrote them. Other board members can't see them, staff can't see them, and administrators can't see them. Author-only visibility is enforced by the server — not just the UI.
Attach to Any Agenda Item
Write notes at the docket level ("Ask about the funding balance before we approve any more awards this quarter"), at the claim level ("Contributory conduct here — need more detail"), or at the appeal level ("First appeal I've seen alleging procedural error").
Rich Text
Notes support formatting, lists, highlights, and inline emphasis through the built-in CKEditor — the same editor used elsewhere in VCPMS for staff notes.
Edit & Delete Your Own
You can edit or delete your own notes at any time. You cannot see, edit, or delete notes from other members — even administrators can't bypass this.
Search & View
The private-notes pane includes a search box so members can find notes they've taken on prior claims, and a "View All" link that opens the full private-notes search across every entity they've annotated. No pagination or limits apply to a member's own notes.
Screenshot: Private Notes Panel — Privacy banner, search box, View All button, and rich-text editor for new notes — Available in production environment
7. Tenant Configuration
Programs tune VCPBoard to their board's needs through the Board Member View section of the Determination Docket workitem-manager configuration. There is no per-member configuration surface; consistency across the board is intentional.
Where to Configure
In VCPOffice, navigate to Setup → WorkItem Manager Configs, edit the Determination Docket configuration, and open the Extended Configuration tab. Scroll to the Board Member View section.
What's Configurable
| Setting | What It Controls |
|---|---|
| View Preset | Minimal / Standard / Full — seeds the initial pane set and hidden-field list. Individual overrides still apply on top of the preset. |
| Visible Claim Panes | Checkbox for each pane: Summary, Crime Info, Offenders, Requested Amounts, Supporting Documents, Staff Recommendation, Decision History. Unchecked panes are not rendered and their data never leaves the API. |
| Hidden Claim Fields | One dot-path per line (e.g. victim.ssn, offender.dob, victim.homeAddress). Applied server-side in BrdAppService.SerializeWithRedaction in addition to pane visibility. Defence in depth against accidental PII exposure. |
DeterminationDocketExtConfig.BoardViewConfig, which serializes into the ExtendedConfigDataJson field on the workitem-manager config record. Tenant export/import carries this configuration automatically — no bespoke migration is required when spinning up a new state.
Presets in Detail
Minimal
Summary + Staff Recommendation only. Fits a very traditional board that reviews only top-line facts and the staff's recommendation, voting up or down without touching the docket's underlying detail.
Standard
Summary, Crime Info, Requested Amounts, Supporting Documents, Staff Recommendation. A middle-ground that lets the board see what they're approving without having to request supplemental packets from staff.
Full
All panes enabled including Offenders and Decision History. Suits a highly engaged board that wants consistency-review context (Decision History) and offender context for contributory-conduct evaluations.
8. Security & Privacy
Board members are outside the program's direct chain of command and handle some of the most sensitive information in the program — contested eligibility evaluations, denied appeals, protective-order-relevant offender data. VCPBoard's security model is therefore layered, server-enforced, and designed so an administrator cannot silently broaden what a board member sees.
Five Layers of Enforcement
Tenant Feature Gate
If App.Brd.Enabled is off, every BrdAppService endpoint returns 403 regardless of role. A tenant that doesn't use a board simply doesn't expose the portal.
User Category Gate
Every endpoint enforces [AbpAuthorize(AppPermissions.BrdUser)]. Only users with UserCategory.BrdUser pass the filter; VBO, VCA, SPA, ADV, and LEA users are rejected at the outermost layer.
Docket State Gate
The Claim View endpoint re-validates that the docket is in WaitingForDecision, RecordingDecision, Completed, or Voided. Draft dockets and any future non-board states are unreachable even by direct API call.
Pane Whitelist
The server emits only the panes the tenant has turned on in BoardViewConfig.VisibleClaimPanes. A pane that isn't in the list is never serialized — not hidden in the UI, actually not sent.
Field Redaction
SerializeWithRedaction strips any key whose dot-path is in BoardViewConfig.HiddenClaimFields before the pane dictionary is JSON-serialized. Belt-and-braces against accidental PII exposure.
Author-Scoped Notes
Private-note edit and delete explicitly check entity.CreatorUserId == AbpSession.UserId. A board member cannot see, edit, or delete another member's notes — and neither can an administrator.
Compliance Standards
| Standard | Scope | Implementation |
|---|---|---|
| TLS 1.2+ | Data in transit | All portal communications encrypted with TLS 1.2 or higher |
| AES-256 | Data at rest | All stored data and documents encrypted with AES-256 encryption |
| HIPAA Alignment | Health-related information | Full HIPAA safeguards for any medical or health-related fields surfaced in panes (which may be redacted out entirely via hidden-fields configuration) |
| WCAG 2.1 AA | Accessibility | Portal interface meets web accessibility guidelines; board membership often includes older members or members with mobility-related accommodations |
| Immutable Snapshots | Audit integrity | Decided dockets serve from Award.VcClaimSnapshotJson; the record the board reviewed is preserved verbatim for audit and appellate review |
Sunshine Law & Public Content
9. Benefits of VCPBoard
No More Printed Packets
Eliminate the cost and courier time of printing, binding, and distributing agenda packets to every board member before every meeting. Every member has the same data, updated in real time, on any device.
Faster Board Decisions
Members review claims any time before the meeting, so meetings focus on deliberation and voting rather than catching up on the facts. Shorter meetings, clearer decisions.
Tenant-Tuned Scope
Each state configures exactly which claim sections and fields are visible to its board. A small administrative-track state can show bare-minimum summary and recommendation; a full hybrid-decision state can surface the entire eligibility picture.
Audit-Grade History
Completed dockets lock in an immutable Award snapshot. If a claim is amended later, the record the board actually voted on never changes — critical for appellate review and program audits years after the decision.
Private, Portable Notes
Each member's preparation notes are author-only, attach to any agenda item, and persist across sessions. Members walk into the meeting with their own working context, not a shared document.
Zero Claim-Editing Surface
VCPBoard is intentionally read-only for claim data. There is no way for a board member to accidentally edit a claim, change a recommendation, or delete a record. Voting outcomes are recorded by staff based on meeting minutes.
Five-Layer Security
Tenant feature gate, user category gate, docket-state gate, pane whitelist, and field redaction — all enforced server-side. Members see exactly what the program authorised them to see, not a byte more.
Five-Minute Onboarding
Three screens, no configuration menus, no workflow buttons. Members appointed to the board spend their learning time on the substance of the program, not on training videos.