A company has provided us with a website for collecting data which is confidential. The users typically want the websites session to stay active for up to 1 hour of inactivity so they can leave and return as they please without losing their progress, but IT security want this to be 10 minutes... both are valid and understandable.
Most PC's have a screen lock of 10-15 minutes and will enable users to log back in and continue with their web session without losing data. We also have shared PC's that do not lock and I am looking for ideas of how we can adjust the times the session logs off locally or if this is possible at all?
Each computer have IE11 and Chrome installed
The risks are if the timeout is too long we have a data breach and if too short the system will not get used.