The new version of MAC OS X, 10.10 (Yosemite) is expected to be released today, Thursday October 16th, and is currently incompatible with the ClearPass registration system and potentially other services at Rowan.

University Policies

University Policies

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

ROWAN UNIVERSITY POLICY

 

Title: Data Governance: EIS Policies & Procedures

Subject: Information Resources and Technology

Policy No: 

Applies: University-wide 

Issuing Authority: Vice President for Information Resources and Technology, Chief Information Officer

Responsible Officer: Vice President for Information Resources and Technology, Chief Information Officer

Adopted: 

Amended: 

Last Revision: 

I. PURPOSE

This policy is intended to cover any Enterprise Information Services (EIS) for which a separate, approved EIS policy does not exist. All EIS-specific use policies must be consistent with this EIS policy. Additional rules and regulations may be adopted by academic and administrative units to meet specific administrative or academic needs. Such additional requirements must be in compliance with applicable federal and state laws, any contractual agreements with the University and its Vendors, and this policy.

II. ACCOUNTABILITY

Under the direction of the Chief Information Officer, Rowan University management shall implement and ensure compliance with this policy.

III. APPLICABILITY

A. This policy applies to all members of the Rowan community who seek to acquire, develop, manage, or use services Enterprise Information Services. It also applies to any contractors, vendors, or service providers, who may access, host, receive, transmit, or otherwise use Rowan’s EIS data.

B. For the purposes of this policy, EIS is defined as:

Enterprise Information Services is responsible for providing critical enterprise software services, applications and support to enable administrative and academic functions to operate effectively, efficiently and securely.

D. HIPAA – The Health Insurance Portability and Accountability Act (HIPAA) is the federal law passed by Congress in 1996 that requires the protection and confidential handling of protected health information.

IV. DEFINITIONS

A. Information Resources and Technology (IRT) – the Rowan University department responsible for the governance of all information and technology.

B. FERPA - The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects students' privacy by prohibiting disclosure of education records without adult consent.

C. Managing Unit – The Rowan University academic or administrative representative, department or division vested with the day-to-day operations of EIS.

V. POLICY

A. Security of Rowan University’s Banner Systems 

  1. Internal and external auditors routinely examine access to and security of Rowan’s Banner ERP system, based upon industry standards and other appropriate means of evaluation.   Issues, if any, are identified and recommendations for changes / improvements are presented to the Audit Committee of the Rowan University Board of Trustees (BOT).    Upon adoption by the BOT, recommendations become mandates for action.  Follow-up reviews are made by the auditors to determine if compliance is achieved and maintained.
  2. All mandates issued are complied with or the Audit Committee of the BOT is informed of any such lingering deficiency by the auditors. 
  3. Oracle and Ellucian product security are in-built to protect data integrity.
  4. Audit trails are maintained by Enterprise Information Services staff, and within Banner, for all user accounts created, the privileges granted each account (i.e., what the user can view and / or update), and any changes made to such privileges for an account.
  5. Requests for creation of user accounts are routed to the office / functional area which are the steward for the information (e.g., Registrar for student records information; Human Resources for personnel data; Finance / Controller for financial data).  
  6. EIS security staff may create accounts only upon receipt of requests from the approval-awarding-office and only for the privileges specified.   A security audit log is updated daily with all of the transactions that took place that day. 
  7. If questions should arise about access to a particular system or by a specific user (account) to a specific system, in a given time frame, the Data Base Administrators can run audits and produce access reports.
      • All EIS staff is FERPA trained and violations of confidentially of data, student or other, is not tolerated.  Major disciplinary action is invoked should such occur, including immediate termination of employment. (FERPA training is required of all University personnel; non-compliers or violators are expected to be dealt with appropriately by their supervisors.)
      • Senior university administrators and Information Resource Technology unit managers – including EIS managers have no “special access” privileges.
      • Typically the only access accorded such managers is limited to self-service for employees, for access to their personal HR type data.   Department heads also have access to their department’s budget data in Finance and when departmental time entry is undertaken, a manager must have Banner INB access to handle time approval.  (For example,   Jim Henderson and Anne Pinder have Banner HR INB access, for the very limited purpose of reviewing and approving EIS employee timesheets that are entered for Payroll via departmental time entry; as a department head, Henderson also has Finance INB and self-service to view the EIS budget information)

VI. ATTACHMENTS

A. Attachment 1, EIS Procedure

By Direction of the CIO:

                                                                         

__________________________________

Mira Lalovic-Hand,

VP and Chief Information Officer

 

ATTACHMENT 1

EIS PROCEDURE

A. EIS Roles and Responsibilities –Employee Policy

  1. Roles and responsibilities with formal job descriptions, training (job specific and security levels.)
  2. The following path identifies the EIS “Roles and Responsibilities” of the formal job descriptions.
    O:\openarea\apir\IR-PARs

 B. EIS “New Employee” Training Plan

  1. The EIS “New Employee” policy for the Computer Services Specialist 3 is located at:
    O:\openarea\eis\Policies and Procedures New employee_Training_Plan

C. EIS Roles and Responsibilities -Employee Policy

  1. Roles and responsibilities with formal job descriptions, training (job specific and security levels.)
  2. The following path identifies the folder that contains the EIS Staff Security privileges that have been granted.
    O:\openarea\apir\IR-PARs\MIS\APPS\EIS Staff Security

(NOTE: This is a secure – restricted area. For access, contact Anne Pinder.)

D. EIS Feeds and Interfaces

  1. Since the implementation of the Banner system, numerous feeds, interfaces and auxiliaries have been implemented.
  2. The following spreadsheet documents the feeds, interfaces and auxiliaries of the Banner system.  Description of Feeds & Interfaces:
    O:\openarea\eis\Internal_Policies

E. System Security Manual

  1. The following path outlines the “Policies and Procedures for Banner Security.”
    O:\openarea\eis\documentation\Banner Security\Security Manual
  2. The security coordinators are Maggie Natal Fennal, Stella Welcer & Frank Comstock. The security coordinators report directly to Mr. Henderson in EIS.   Additionally, Bug 3566 details the additional Security Policies and Procedures.

F. TOS Documentation

The link for TOS Documentation is:

O:\openarea\eis\TOS\Documentation

G. Workflow Policies and Procedures

  1. The link for Workflow Documentation is:
    O:\openarea\eis\Policies and Procedures\Workflow_documentation
    EIS Internal Policies and Procedures  (Released only to Rowan University EIS Staff)
  2. Brown Bag Seminar Slides
    O:\openarea\eis\Unix Tutorials
    • Internal “Brown Bag” seminars 
      • Introduction to Python Part 1
      • Introduction to Python Part 2
      • Introduction to Self Serve Web Pages
      • Unix Refresher
      • IRP Files and Concurrent Cirric Indexes
      • AppMan Development & AppMan PROD

H. Blackboard Documentation

O:\openarea\eis\Policies and Procedures/Blackboard_At_Rowan_Documentation

I. EIS WIki

  1. The EIS Wiki is located at:
    http://banner.rowan.edu/wiki/index.php/Main_Page
    http://banner.rowan.edu/wiki/index.php/Category:EIS_Policy_and_Procedures
    Production Control Procedures
    If you know what you are looking for, there's a Search button in the left margin.

    External Banner Links
    Rowan Banner entry page
    Rowan Banner database schema
    Bugzilla - our bug tracking database
    OnBase_DMS
    eIRBhttp://banner.rowan.edu/wiki/index.php/EIRB

    Recent Changes:
    Banner 8 Releases
    Login Required - You must login to view other pages
    Security  - Only IR employees can log onto the Wiki and edit pages, though the general Rowan employee community can read pages. A special "EIS Only" namespace has been introduced for pages which should not be readable outside of IR. (See EIS Only: Sample Page
  • No labels
Error occurred during template rendering. Contact your administrator for assistance.