Policy Management 
    
    Mar 18, 2019  
Policy Management
[Add to Personal Catalog]

DG 1.02pr - Data Security/Access :


SUMMARY/SCOPE
Employees are granted access to relevant data in order to perform assigned duties or in fulfillment of assigned roles or functions at the college. This access is granted solely to conduct college business.

DESCRIPTION
The Data Security/Access Team, under the Charter of Edmonds’ Data Governance Committee (DGC), will approve level of access privileges to college data systems, as authorized by data authorities or their designees. The team will implement and administer controls over the data that employees need to conduct college business; prevent unauthorized access to systems, data, facilities, and networks; and prevent any misuse of, or damage to, computer assets or data. This procedure covers institutional data stored in any college owned or maintained database, or on paper or scanned files.

PROCEDURE DETAILS
The functional requirements which are listed in a college job description determine the type of data and the level of system access employees need to perform their job. These requirements are used to develop and assign a specific User Profile and Security Role for each employee. The defined User Profile and the Security Roles provide the basis for requesting employee access, while maintaining the security and integrity of college data. Levels of access are defined in a section below.

The Data Security/Access Team, under the Charter of the Data Governance Committee, is responsible for maintaining a list of security access assigned to each role mapped to individual employees, in order to ensure the security and integrity of college data and systems.

Supervisors will request employee access via Data Stewards representing each functional area of the college who are then responsible for requesting access to data for employees within their functional areas. The college’s appointed Data Stewards and the DGC are responsible for implementing this procedure. Data Stewards will monitor college data and system usage within their areas to ensure a secure office environment with regard to the data and systems. Data Stewards shall validate the access requirements of staff in their functional areas, according to job functions, before submitting requests for access. The access requests are reviewed and acted upon by the Data Governance Committee.

  • Each employee is responsible for all transactions occurring via the use of their login and password when accessing institutional data systems. An employee shall not share their login identification or passwords with other employees.
  • Each employee is responsible for understanding all data elements that they use. If an employee does not understand the meaning of a data element, that employee must not refer to or alter the data until they consult and discuss the issue with the appropriate Data Steward within their functional area and/or the DGC.
  • An employee’s inappropriate use of institutional data may result in suspension of the user’s access privileges and may result in retraining or disciplinary action, subject to college policies, collective bargaining agreements, and college procedures. An employee’s deliberate misuse of institutional data will result in revocation of the user’s access privileges and disciplinary action, up to and including termination.

Levels of Access
The levels of access are determined by the Data Stewards and approved by the Data Security/Access Team under the Charter of the Data Governance Committee. Levels are defined
as:

  • Create
    • Can add new records to a table. 
  • Read
    •  View, but not change, institutional data.
      • (For example, Intent is to avoid ‘ad hoc’ changes to field usage (Cr Equiv, Test Scores) that solves a local (department problem, but creates systemic issues).
  • Edit
    • Can update or amend contents of fields in tables, but not how fields ‘work’.
  • Delete
    • Can delete records from a table


RELATED POLICIES AND PROCEDURES
DG 1.0 Data Governance
DG 1.01pr Data Governance Committee Charter
DG 1.03pr Data Flow/Availability
DG 1.04pr Data Use/Reporting
DG 1.05pr Data Integrity/Quality

(links to be added)

 

CONTENT OWNER. The primary responsibility for this policy belongs to:
Office of the President

PRIMARY CONTENT CONTRIBUTOR (Director/Dean)
Senior Executive Director of Institutional Effectiveness and Grants

REVIEW PERIOD
Three years.

REVIEW HISTORY
2018-Dec 10  Approved by President’s Cabinet



[Add to Personal Catalog]