Menu
Home > Policies > Policy & Procedure >
Policy & Procedure
Policy Title :
Data Access Policy
Policy Number :
VIII. 3
Responsible Party :
Information Technology
Effective Date :
08/01/2014
Revised Date :
_______________________

Purpose

Administrative data captured and maintained at PMU are a valuable university resource. To protect PMU sensitive data from unauthorized disclosure and inappropriate use the ERP system contains data from multiple operational areas that need to be integrated in order to support institutional business analysis, reporting, and decision making. The purpose of this ERP Data Policy is to ensure the security, confidentiality and appropriate use of all ERP data which is processed, stored, maintained, or transmitted on PMU computer systems. This includes protection from unauthorized modification, destruction, or disclosure, whether intentional or accidental. This policy applies not only to stored information but also to the use of the various computerized systems and computerized programs used to generate or access data, the computers which run those programs including workstations to which the data has been downloaded, and the monitors and printed documents that display data.

Statement :

Definitions

ERPData– Any data that resides on, is transmitted to, or extracted from any ERP system, including databases or database tables/views, file systems and directories, and forms.

ERP Security Administrator – An IT professional position in the IT Department is responsible for processing approved requests.

ERP System – Human Resources, Finance, Student, Financial Aid, Luminas, Executives reporting tool, Banner Online Reports, ERT and any other interfaces to these systems.

 

Data Owners - Data Owners are responsible for determining who should have access to data within their jurisdiction, and what those access privileges should be. Responsibilities for implementing security measures may be delegated, though accountability remains with the owner of the data.

 

Area of Responsibility Data Owner(s)

Student System                                :           Student Affairs Dept.

Student Financial Aid System:  Budget and Accounting Dept. Finance System                 :         Budget and Accounting Dept. Human Resources System           :         HR Dept.

Faculty Academic                            :           Student Affairs Dept. Accounts Receivable                                                            :           Budget and Accounting Dept.

 

Data Custodians - Data Custodians oversee data management functions related to the capture, maintenance and dissemination of data for a particular operational area. They are responsible for the general administration of user access to data within their area(s) of responsibility. Data Custodians are appointed by the respective Data Owner.

 

Data Users - Data users are individuals who access ERP data in order to perform their assigned duties or fulfill their role in the PMU.

 

Query access – Access enabling the user to view but not update ERP data.

 

Maintenance access – Access enabling the user to both view and update ERP data. This access is limited to users directly responsible for the collection and maintenance of data.

 

Data Administration

By University policy, certain data is confidential and may not be released without proper authorization. All PMU ERP data, whether maintained in the central database or captured by other data systems, including personal computers, remains the property of PMU. Department heads are responsible for ensuring a secure office environment regarding all ERP data. Department heads will review the ERP data access needs of their staff as it pertains to their job functions before requesting access via the Banner Access Request Form. ERP data (regardless of how collected or maintained) will only be shared among those employees who have demonstrated a job related need to know.

 

Access to ERP Data

Below are the requirements and limitations for all PMU Divisions/Departments to follow in obtaining permission for access to ERP data. Division/Department  heads must request access authorization for each user under their supervision by completing and submitting a Banner

 

Access Request Form

Approved requests will be forwarded to the ERP Security Administrator for processing. Under no circumstances will access be granted without approval of the appropriate department heads.

 

Secured Access to Data

ERP security classifications will be established based on job function. Specific capabilities will be assigned to each security classification. Each user will be assigned a security classification. Some users may be assigned several security classifications depending on specific needs identified by their Division/Department head. The use of generic accounts is prohibited for any use that could contain protected data.