ADMINISTRATIVE PROCEDURE MANUAL SECTION TITLE NUMBER ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES BASED ON BOARD OF TRUSTEES’ RULE AND TITLE 6Hx7-7.1 Technology PAGE 07-0102 1 OF 3 DATE REVISED July 23, 2015 Purpose The purpose of this procedure is to describe the processes associated with the assignment of access privileges (security) required for the use of college enterprise application systems. Description A. Enterprise application systems are secured by a three-level security architecture, which includes: 1. College Computing Services Account 2. System-level Access (Enterprise Resource Planning (ERP) Main Menu) PeopleSoftTM 3. Application (module) Access (ERP Module Access) B. Access privileges may only be granted to current college employees and authorized contractors. C. Access to the College’s enterprise application systems (including ERP) is available only to those who have been provided access privileges by the appropriate system owner (also known as user group manager). Procedure A. New Employees and Contractors – College Staff Computing Services Account 1. New employees may be granted a college staff computing services account through the employee portal account request system by request of the position supervisor, or designee. 2. Contracted services staff (contractors) may be granted a college staff computing services account through the employee portal account request system by request of the contractor’s college manager/supervisor. Contractors are defined as non-college employees engaged through an executed agreement, which may include successfully passing a criminal history record check as outlined in APM 03-0314, Criminal History Record. B. Enterprise System-level Access 1. Once a college staff computing services account has been activated and the position supervisor, or designee, has determined that the employee or contractor requires specific enterprise application system access as part of their assigned duties, roles and responsibilities (as noted in the approved College job description or contract agreement), a request for system-level access may be submitted through the System-level Access Request System in the employee portal. ADMINISTRATIVE PROCEDURE MANUAL SECTION TITLE NUMBER ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES BASED ON BOARD OF TRUSTEES’ RULE AND TITLE PAGE 07-0102 2 OF 3 DATE REVISED 6Hx7-7.1 Technology July 23, 2015 C. Application (Module) Access 1. Access to application modules is granted and managed by System Owners through their designated security group, as follows: System Facilities Finance Financial Aid HR/Payroll/Instructor Resource Management (IRM) Student System Owner Executive Director, Facilities Management & Construction Controller Director of Financial Aid Chief Human Resource Officer (CHRO) Registrar 2. The designated System Owners (User Group Managers) are responsible for the development and management of processes dealing with the provisioning of user application (module) access. The Executive Director, Enterprise Applications is responsible for review and certification of system owner authorization approval processes. Upon request by an employee’s (or contractor’s) position supervisor, the User Group Manager assesses the appropriateness of an access request and may grant the requested application user access privileges. 3. System Owners are required to review user access privileges on a regular basis by reviewing and emailing College Information Technology Services (CITS) certifying that the additions, deletions and currently granted access is required for assigned position duties. A separate report will be sent by CITS to the appropriate System Owner for review and reauthorization of security group membership. Audit review reports reviewed by System Owners will be retained in CITS. D. Account Access Changes 1. Once the Information Technology account management team is notified by the Office of Human Resources that an employee or contractor has been transferred or separated from employment, their system-level and application (module) level access will be removed. Employees and contractors whose role with the College has been terminated will have their college computing staff account disabled, removing access to all systems. All renewed account access is granted through the same process as new account creation. Position supervisors must request access for transferred/reassigned employees or contractors. 2. Use of all account access privileges must conform to the College’s approved “User Agreement” and enterprise application security practices as published in the Technology Department Policies & Procedures “ERP Applications Security”. ADMINISTRATIVE PROCEDURE MANUAL SECTION TITLE ENTERPRISE APPLICATION SYSTEMS ACCESS PRIVILEGES BASED ON BOARD OF TRUSTEES’ RULE AND TITLE 6Hx7-7.1 Technology REFERENCES: F.S. 1001.64, SBE Rule 6A-14.0261 Adopted Date: February 26, 2013 Revision Date: July 23, 2015 NUMBER PAGE 07-0102 3 OF 3 DATE REVISED July 23, 2015