...

  1. Security of Rowan University’s Banner Systems 

  2. Internal and external auditors routinely examine access to and security of Rowan’s Banner ERP system, based upon industry standards and other appropriate means of evaluation. Issues, if any, are identified and recommendations for changes / improvements are presented to the Audit Committee of the Rowan University Board of Trustees (BOT). Upon adoption by the BOT, recommendations become mandates for action. Follow-up reviews are made by the auditors to determine if compliance is achieved and maintained.

  3. All mandates issued are complied with, or the auditors inform the Audit Committee of the BOT of any lingering deficiency.

  4. Oracle and Ellucian product security is built in to protect data integrity.

  5. Audit trails are maintained by Enterprise Information Services staff, and within Banner, for all user accounts created, the privileges granted each account (i.e., what the user can view and / or update), and any changes made to such privileges for an account.

  6. Requests for creation of user accounts are routed to the office / functional area which is the steward for the information (e.g., Registrar for student records information; Human Resources for personnel data; Finance / Controller for financial data).

  7. EIS security staff may create accounts only upon receipt of requests from the approval-awarding office and only for the privileges specified. A security audit log is updated daily with all of the transactions that took place that day.

  8. If questions should arise about access to a particular system, or about access by a specific user (account) to a specific system in a given time frame, the Database Administrators can run audits and produce access reports.

    1. All EIS staff are FERPA trained, and violations of confidentiality of data, student or other, are not tolerated. Major disciplinary action is invoked should such occur, including immediate termination of employment. (FERPA training is required of all University personnel; non-compliers or violators are expected to be dealt with appropriately by their supervisors.)
    2. Senior university administrators and Information Resource Technology unit managers, including EIS managers, have no “special access” privileges.
    3. Typically the only access accorded such managers is limited to self-service for employees, for access to their personal HR-type data. Department heads also have access to their department’s budget data in Finance, and when departmental time entry is undertaken, a manager must have Banner INB access to handle time approval. (For example, Jim Henderson and Anne Pinder have Banner HR INB access, for the very limited purpose of reviewing and approving EIS employee timesheets that are entered for Payroll via departmental time entry; as a department head, Henderson also has Finance INB and self-service to view the EIS budget information.)

By Direction of the CIO:

__________________________________

Mira Lalovic-Hand,
SVP and Chief Information Officer

...