SIS Access - Technical Services Policy - 50160

1.1 Network Access Procedures are critical to the college to ensure that security safeguards are applied appropriately to data, which is provided through the Student Information System.

2.1 In accordance with the document, COV ITRM Standard SEC2001-01.1 Procedure should be in place at the college to provide a step-by-step process for requesting, granting, terminating and maintaining SIS network Access.

SIS data is essential to the business functions of Germanna Community College, which include, but are not limited to, faculty, staff and students. These procedures define the security and protection requirements for SIS data. This policy document also describes the rights and responsibilities of Germanna personnel in the handling, dissemination, security, and protection of SIS data.

College procedures regarding SIS data security shall comply with all applicable federal and state laws and regulations that govern the privacy and confidentiality of data. This also includes records about individuals requiring protection under the Family Educational Rights and Privacy Act of 1974 (FERPA) and data not releasable under the Freedom of Information Act.

The VCCS retains ownership of all SIS data created or modified by college employees as part of their job functions.

3.1 SIS Roles and Responsibilities

When a new employee joins the Community College, often this person is not aware of what level of access they need. It is the responsibility of the employee and his/her supervisor to discuss the appropriate levels of access they need for the SIS system.

The supervisor should know the Role’s and the navigation for each page when a request is made for network access.

The SIS Security Officer provides guidance and information support to College employees and students participating in SIS. The SIS Security Officer periodically reviews and assesses security practices of SIS. The SIS Security Officer is also responsible for working with the auditors to target correct areas for audits. The Database Administrator acts as the SIS Security Officer backup.

The SIS Security Officer is responsible for reviewing, verifying and maintaining a list of all SIS users.

The SIS Security Officer will also examine the user’s access to the roles, permission lists and pages.

3.2 Granting Access

Note: Germanna implemented a Check In Check Out (CICO) system used by supervisors to request the addition and removal of access for their employees. This went into effect in February 2006.

The supervisor and employee will review the level of SIS access that is appropriate. The supervisor will use the CICO system to submit the SIS access request.

The CICO system will send an email to the SIS Security Officer notifying him/her of the request. The Security Officer will then grant the appropriate access request and mark the request complete in the CICO system. It will be the responsibility of this person to contact the supervisor if there is a question regarding the requested level.

The Security Officer will be responsible for maintaining these requests within the CICO system.

3.3 Maintaining Access

The SIS Security Office will send out a report each semester to the supervisors listing the status and level of employee access for review. This report must be requested from the VCCS Security officer when needed. The supervisors will then send a written or email confirmation for the accounts and make needed change.

By July 1st of each year, the SIS Security Officer will submit a written update and listing of the status, and listing of all active SIS user accounts. This report will be submitted to the College Security Officer for review.

3.4 Termination of Access

When the supervisor receives an employee’s letter if resignation, the supervisor is required to use CICO to check the employee out of the system. CICO will disburse an email to the SIS Security Officer informing him/her of the employees last day.

When this email comes to the SIS Security Officer, they will remove the SIS security from the user by giving the user FWEB access and mark the item as complete in CICO.

Once all items have been removed, Human Resources will be notified.

Human Resources will print the termination report and file the report in each user’s personal file for Audit review. If an employee has resigned, it is the responsibility of Human Resources to make sure the supervisor follows the CICO system process.

3.5 Training

Training on the SIS system is the responsibility of the PeopleSoft SIS Database Administrator.

The SIS Security Officer will ensure that students and employees are informed about Security Awareness as it relates to the SIS system. This training will focus on responsibilities, security practices, and general familiarization of SIS security processes.

Initial passwords are given to each student when their application has been accepted and each employee when an employee’s request has been submitted from his/her supervisor and approved by the SIS Security Officer. The user is given the default password for the SIS system and is forced to change it during his/her first logon.

3.6 Password Maintenance

Password resets – are communicated to college employees during the SIS initial training conducted, at new employee orientation and also during College Wide Meetings when the Security Awareness presentation is conducted.

The user is forced to change their password at using My.VCCS. When a password needs to be reset due to the user being locked out the SIS Security Officer will do this. The password is reset to the users date of birth so the user can create a new, more secure password only he/she knows.

Users are encouraged to change their passwords periodically.

Compromised passwords – If a user suspects that a password has been compromised, he/she needs to contact the SIS Security Officer to request that the password be reset so the user can change the password.

Technical Support Manager

President’s Council: Approval Date - 02/27/06