Administrative Systems Security Procedures
Posted by Pamela Kistler-Osborne on 07 February 2012 04:23 PM
GOSHEN COLLEGE ADMINISTRATIVE SYSTEMS SECURITY PROCEDURES
Jenzabar information systems are an integral part of the mission of Goshen College. The college has made a substantial investment in human and financial resources to obtain and manage these systems. The following procedures have been established to protect this investment and the good reputation of the college; to develop data stewardship to safeguard the information contained in these systems; and to enhance the fulfillment of the mission of the college.
Information Technology Services (ITS) Data Systems staff are responsible for the administration of these security procedures, in accordance with all college information policies dealing with security, access, and confidentiality of college records.
Statement of responsibility
All users of Jenzabar, Jenzabar CampusWeb, and applications that depend on Jenzabar data (GC Online) are required to comply with these security procedures.
ITS (Information Technology Services) responsibilities
ITS shall be responsible for the administration of all access controls for Jenzabar. ITS will process adds, changes, and deactivations to user accounts upon receipt of a written request from the end user's supervisor or manager. (See sections titled Request for user access process and Access deactivation process.) Requests to add or change access must include all required approvals for the appropriate level of access. Requests to deactivate access may be processed by an oral request from Human Resources prior to the receipt of the written request. Data Systems staff will periodically run scripts that monitor employee status to ensure that former employees are deactivated.
An employee who uses Jenzabar or applications that depend on Jenzabar data shall:
Supervisor and manager responsibilities
Supervisors and managers shall:
HR (Human Resources) responsibilities
HR will notify ITS of employee transfers and terminations in a timely fashion. Involuntary terminations will be reported concurrent with the termination.
Module Owner responsibilities
Data stewardship has as its main objective the management of the college's data assets in order to improve their usability, accessibility and quality. This is accomplished through the role of the departmental module owners, who have planning and policy level responsibility for data within their areas, and management responsibilities for defined segments of the institutional data. In the simplest terms, the data stewards could be said to be the owners of the data. Ultimately, data stewardship is the responsibility of departmental directors and their designates, in conjunction with ITS staff.
It is the module owners responsibility to develop consistent data definitions, develop and adhere to data standards created by the institution, document the business rules of their area, monitor the quality of the data input and output from the Jenzabar systems they use, define security requirements, work with other module owners on integration requirements, and communicate critical uses of data on which other departments depend. As data are developed, the module owners assure that entry and access of the data is appropriately managed. This shall include the classification of all forms, reports and all other forms of access in which this data is expressed.
There shall be a module owner designate for each Jenzabar module in use at the college. Currently these include: Admissions (AD), Advising (AV). Business Office (BU): General Ledger and Accounts Receivable, Development (DE), Financial Aid (FA), Human Resources (HR): Payroll and Personnel, Registrar (RE), Student Life (SA), Tasklist Security (TL). The college also maintains and develops custom applications that are designed for and integrated with Jenzabar which also require data stewardship, GC Online, photoID database and online timecard.
These policies are subject to change with prior notice as may be reasonable under the circumstances.