Knowledgebase: Policies
Administrative Systems Security Procedures
Posted by Pamela Kistler-Osborne on 07 February 2012 04:23 PM

GOSHEN COLLEGE ADMINISTRATIVE SYSTEMS SECURITY PROCEDURES

Jenzabar information systems are an integral part of the mission of Goshen College. The college has made a substantial investment in human and financial resources to obtain and manage these systems. The following procedures have been established to protect this investment and the good reputation of the college; to develop data stewardship to safeguard the information contained in these systems; and to enhance the fulfillment of the mission of the college.

Information Technology Services (ITS) Data Systems staff are responsible for the administration of these security procedures, in accordance with all college information policies dealing with security, access, and confidentiality of college records.

Statement of responsibility

All users of Jenzabar, Jenzabar CampusWeb, and applications that depend on Jenzabar data (GC Online) are required to comply with these security procedures.

ITS (Information Technology Services) responsibilities

ITS shall be responsible for the administration of all access controls for Jenzabar. ITS will process adds, changes, and deactivations to user accounts upon receipt of a written request from the end user's supervisor or manager. (See sections titled Request for user access process and Access deactivation process.) Requests to add or change access must include all required approvals for the appropriate level of access. Requests to deactivate access may be processed by an oral request from Human Resources prior to the receipt of the written request. Data Systems staff will periodically run scripts that monitor employee status to ensure that former employees are deactivated.

Employee Responsibilities

An employee who uses Jenzabar or applications that depend on Jenzabar data shall:

  • Ensure that all Jenzabar access requested and used is for professional reasons and they are required for their productivity.
  • Use and protect their own account passwords and privileges, and not share those with other employees or non-employees.
  • Be responsible for the content of all Jenzabar data that is placed over the Internet, sent through email or passed to other departments for college use.
  • Know and abide by all college information policies dealing with security and confidentiality of college records.
  • Avoid transmission of non-public Jenzabar information. If it is necessary to transmit non-public information, employees are required to take steps reasonably intended to ensure that information is delivered securely to the proper person who is authorized to receive such information for legitimate college use.

Supervisor and manager responsibilities

Supervisors and managers shall:

  • Ensure that all appropriate personnel are aware of and comply with these security procedures.
  • Provide appropriate data stewardship in their areas of responsibility.
  • Work with the Data Systems staff to create and validate proper authorizations for Jenzabar data access for current and new employees.
  • Create appropriate control practices, standards, and methods designed to provide reasonable assurance that all employees observe these security procedures.
  • Provide appropriate support and guidance to assist employees in fulfilling their job responsibilities under these security procedures.

HR (Human Resources) responsibilities

HR will notify ITS of employee transfers and terminations in a timely fashion. Involuntary terminations will be reported concurrent with the termination.

Module Owner responsibilities

Data stewardship

Data stewardship has as its main objective the management of the college's data assets in order to improve their usability, accessibility and quality. This is accomplished through the role of the departmental module owners, who have planning and policy level responsibility for data within their areas, and management responsibilities for defined segments of the institutional data. In the simplest terms, the data stewards could be said to be the owners of the data. Ultimately, data stewardship is the responsibility of departmental directors and their designates, in conjunction with ITS staff.

It is the module owners responsibility to develop consistent data definitions, develop and adhere to data standards created by the institution, document the business rules of their area, monitor the quality of the data input and output from the Jenzabar systems they use, define security requirements, work with other module owners on integration requirements, and communicate critical uses of data on which other departments depend. As data are developed, the module owners assure that entry and access of the data is appropriately managed. This shall include the classification of all forms, reports and all other forms of access in which this data is expressed.

There shall be a module owner designate for each Jenzabar module in use at the college. Currently these include: Admissions (AD), Advising (AV). Business Office (BU): General Ledger and Accounts Receivable, Development (DE), Financial Aid (FA), Human Resources (HR): Payroll and Personnel, Registrar (RE), Student Life (SA), Tasklist Security (TL). The college also maintains and develops custom applications that are designed for and integrated with Jenzabar which also require data stewardship, GC Online, photoID database and online timecard.

These policies are subject to change with prior notice as may be reasonable under the circumstances.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: