Annual CMS Security Reauthorization

CSU Policy and CSU, Chico Account Management Standards require that all user accounts be reviewed at least annually to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status.  To meet these policies and standards, an on-line PeopleSoft Annual Reauthorization of Roles process will be conducted in March 2015.  This on-line reauthorization is for Student Administration, Human Resources and Financials PeopleSoft access.

Deadlines

While there are deadlines for each step in the process, each group can complete their part immediately following the preceding step.

  • Lead/Supervisor reviews by – 3/6/15
  • Employee confirms by – 3/13/15
  • MPP (management/admin) approves by – 3/22/15

Step 1 – Lead/Supervisor Review (March 2 - 6)

Leads/Supervisors who authorize employee access to PeopleSoft data will receive an e-mail from cmssecurityreauth@csuchico.edu with a link to a user-friendly dashboard within Insight.  This report will list all individuals in their area who currently have access to PeopleSoft data based on a prior request indicating a business need for the data.  If the current access includes confidential data, supervisors will also need to certify that there is a continued business need for that access.

Each direct report will need to be reviewed and reauthorized in order to complete this step.   Lead/Supervisor electronic approval will be tracked and stored for audit purposes, and notifications will be sent to the appropriate security area. If access is reauthorized, the employee will be required to complete Step 2. 

To go to the Dashboard, click here.

Step 2 – Employee Confirmation (prior to March 13)

An employee whose access to PeopleSoft data has been reauthorized will receive an e-mail from cmssecurityreauth@csuchico.edu with a link to a user-friendly dashboard within Insight.  This report will list all of the employee’s current access to PeopleSoft data that has been reviewed by his or her lead/supervisor.

The employee will need to certify that he or she has a continued business need to see the data and has read and agrees to comply with the current information security policies and procedures. The employee’s electronic acceptance will be tracked and stored for audit purposes.

To go to the Dashboard, click here.

Step 3 – MPP (management/admin) Approval (prior to March 20)

MPPs with indirect reports will receive an e-mail from cmssecurityreauth@csuchico.edu with a link to a user-friendly dashboard within Insight. This report will list individuals who indirectly report to their area and who currently have access to PeopleSoft data based on a prior request indicating a business need for the data. “Indirect reports” are employees who report to someone who then reports to you.

Each indirect report will need to be reviewed and reauthorized in order to complete this step.   MPP electronic approval will be tracked and stored for audit purposes, and notifications will be sent to the appropriate security area.  If the current access includes confidential data, you will also need to certify that there is a continued business need for that access.

To go to the Dashboard, click here.

CMS Security Reauthorization Process Flow

Background and Requirements:

It is the responsibility of the Employee as well as the Lead/Supervisor to understand the security roles and permissions assigned to each employee. Access and account privileges must be commensurate with job function, need-to-know, and employment status. It is the responsibility of the Employee, Lead/Supervisor, and Appropriate Administrator to verify that access to information resources has been revoked in cases where an employee has experienced a change of employment (e.g., termination or position change), or when job duties no longer provide a legitimate business reason for access (CSU Information Security Policy ICSUAM 8030 300, ICSUAM 8060 500).

Except where specifically permitted by campus policy and by the appropriate data owner, Leads/Supervisors and Appropriate Administrators may not reauthorize employee roles or permissions for positions or responsibilities for which the Lead/Supervisor or Appropriate Administrator is not responsible (i.e., employees with multiple positions).

References

CSU Information Security Policy ICSUAM Section 8000   

CSU Access Control Policy ICSUAM 8060

CSU Access Control Standard 8060.S000

CSU Asset Management Policy ICSUAM 8065

CSU, Chico Account Management Standards

Frequently Asked Questions (FAQs)

Why are we doing this reauthorization?

CSU Policy and CSU, Chico Account Management Standards require that all user accounts be reviewed at least annually to ensure that access and account privileges are commensurate with job function, need-to-know, and employment status. 

Who do I contact if I have questions regarding the process?

E-mail cmssecurityreauth@csuchico.edu with any questions regarding this process.

Who do I contact if I do not understand someone’s access?

E-mail the appropriate CMS security team with specific CMS access questions:

CMS HCM - Human Resources Module: hrsecurity@csuchico.edu

CMS HCM - Student Module: sasecurity@csuchico.edu