Data Access Procedures

Transcription

1 Rev Effective Date: November 2, 2005 Last Review Date: February, 2015 Directly in support of the following Policy Document(s): Georgia Institute of Technology Data Access Policy The following are responsible for the accuracy of the information contained in this document Responsible University Officer Associate Vice President / Associate Vice Provost for Information Technology and Chief Information Officer (CIO) Responsible Coordinating Office Office of Information Technology (OIT) 1. Executive Summary This document is in direct support of the Georgia Institute of Technology Data Access Policy and is included by reference in the policy. This document sets forth guidelines and procedures for requesting access to Institute Data, and in particular to Sensitive Data as defined in the Data Access Policy. This document shall be subject to periodic changes and updates, as necessary, independent of the policy document itself. 2. Procedures (NOTE: Phrases shown in italics at their first occurrence in this document are defined in the associated IT Policy Definitions - Standards Document No. 05.GIT.170) a. Data Coordinators assist with data classification. Data Coordinators grant access to the data within their purview according to criteria defined for specific access requirements. For example, some types of access require training, the establishment of user accounts, and awareness of federal or State guidelines restricting data access. b. Authorized Requesters represent a campus unit or group of campus units, and are appointed by someone with at least unit head authority. Every organization determines the best way to assign this responsibility based upon workflow, organizational structure, and job responsibilities. c. Authorized Requesters verify individual access requirements, and forward access requests to the appropriate Data Coordinator. Authorized Requesters assure that access Page 1 of 5

2 privileges are kept current with changes in personnel status for individuals in the unit(s) represented. d. Data Coordinators will provide assistance as required to Authorized Requesters to assure that access privileges are granted in accordance with the Policy. e. The requests are initiated via or applicable web form, and forwarded to the appropriate Data Coordinator. If the request requires electronic access to data, it is then forwarded to the appropriate Data Administrator for action. f. Access requests should include the following information: Department Name User Name User ID (if one has already been assigned) Job Title Phone Number What Data/Role & Why (Data Coordinators will provide assistance) Access End Date (some individuals only require temporary access) All expected user groups for the data requested (i.e. will the data be released to third parties?) Note: Any change or extension to the original intended use of the data requested (as documented in the original access request), such as a new application being developed using data for which access was previously granted, shall require a new access request explicitly documenting such change or extension. g. All data access requests must have a minimum of three certifications: i) Data User: acknowledging having received the Institute s Data Access Policy; ii) Supervisor/Departmental Certification: authorizing data user to access data based on job responsibilities, and verifying the accuracy of the information conveyed on the data access request form; and iii) Technical Certification: approval of the corresponding Technical Authority for the data user s department, certifying the technical compliance of the client and/or server machines to be used by the data user to access the information. Additional certifications may be required by individual department policies and/or systems. h. If an individual is requesting access to data that has associated prerequisites, such as Banner and PeopleSoft training, or review of Family Education Rights and Privacy Act (FERPA) and/or Gramm-Leach-Bliley Act (GLBA) Sensitive Data Access guidelines, then the Data Coordinator will ensure that the prerequisites have been met prior to approval. i. Data Coordinators and Data Administrators will maintain electronic archives of all requests. Data Administrators will serve as the point of contact for related audit reviews. j. Data Administrators will maintain a repository of information regarding the data classified by the Data Stewards and Coordinators. Page 2 of 5

3 Procedure for Requesting Data Access to Institute-wide Systems (as of February 2015) Authorized Requester Initiate request to create, change, or terminate access privileges. Three signatures required for new requests: User, Supervisor, Technical Certification (Define access requirements) Data User Requires access in the performance of job responsibilities. Appropriate Data Coordinator Cargill, Shalonda PeopleSoft HR GTDW Employee Data Hayes, Zach Banner Student GTDW* Student Data Gibson, Carol PeopleSoft Financial GTDW Financial Data Mason, Sandy PeopleSoft SPD PeopleSoft Grants GTDW* SPD Data GTDW* Grants Data Hutchison, Garry (Duane) Office of Sponsored Programs Bamburowski, David Graduate Admissions Cozzens, Susan Faculty Data (Non-HR Data) Yes Training required? No request includes: 1. Department 2. User Name 3. User ID 4. Job Title 5. Phone Number 6. What Data & Why 7. Access End Date 8. List of all intended user groups for requested data (incl. third parties). *GTDW=GT Data Warehouse Approve & forward notification Data Administrator Review requests Enable access Maintain authorization records Authorization Form User Packet Obtain Authorization Pick up copy Annotate & forward notification Data Coordinator Matches to request Authorized Requester Matches to request Data User Page 3 of 5

4 Chief Stewards, Data Stewards, and Primary Data Coordinators for Institute-wide Systems (as of February 2015) Reta Pikowsky, Registrar Zachary Hayes Associate Registrar Kim Harrington Associate Vice President - OHR Shalonda Cargill, Director HR Information Services Jim Fortner, Associate Vice President - Financial Svcs Carol Gibson, Associate Controller Banner Student Information Faculty Access System Data Warehouse Student Data General Student Information Student Major & Degree(s) Transfer Credits Student GT Grades Student Term Data (Hours & GPA) Course Instructors Current / Future Course Schedule(s) Student Activities PeopleSoft HR/Payroll Data Warehouse Employee Data HRMS Payroll PeopleSoft Financials PeopleSoft SPD Data Warehouse Financial Services Data Chart of Accounts Ledger Posting Detail Grants & Contracts Accounting Salary, Planning & Distribution Sandy Mason, Director - Grants & Contracts Accts. Jilda Garton, Associate Vice Provost - OSP Duane Hutchison, Director - OSP David Bamburowski, Director - Graduate Studies Susan Cozzens, Vice Provost Office of Sponsored Programs OSP System Graduate Admissions Data Faculty Data - Non HR Data Page 4 of 5

5 3. Revision History Revision Number Author Description Jimmy Lummis Updated Data Stewards and Coordinators Jimmy Lummis Updated Data Access Request diagram Herb Baines Updated Data Stewards diagram Richard Biever Updated Data Coordinator contact information Richard Biever Updated Data Coordinator contact information. Page 5 of 5