Purpose

The purpose of this standard is to ensure each person has an adequate understanding of the areas to which access is granted. Proficiency in said areas is to be determined/measured by the department or department responsible for stewarding the table or form in question.

Goals

To minimize the risk associated with the misuse of data at Worcester Polytechnic Institute.

Scope

This standard applies to all Banner Database Environments (Banner Web or Oracle Form Based as well as through reporting tools), the ODS (Operational Data Store) the EDW (Enterprise Data Warehouse) and any third party system that has direct access to Banner Data.

Additionally, this standard mandates that all statutory, regulatory, internal policy and technical requirements are clearly defined by the Data Steward and Data Owner responsible for granting access.

Finally, this standard will be applied equally to all Constituents with access to data at Worcester Polytechnic Institute.

Standard

Data Stewards and Data Owners should use the following guidelines and process when conducting the Annual Access Audit:

Data Stewards and Data Owners should use the auditing tools provided (Banner Self-Service Security Menu).

  • Data Stewards and Data Owners will evaluate areas of the Banner Database over which they have authority and designate those areas that they believe require specific qualifications prior to access being granted.
  • Data Stewards and Data Owners will identify what the specific qualifications are based on statutory, regulatory, internal policy and technical requirements.
  • Data Stewards and Data Owners will approve materials used to facilitate qualification.

All changes will be recorded in the database with a date stamp indicating the last time the Class or Role was adjusted. Audits following the initial audit using the web tools will only involve Classes and Roles where some element has changed (members, objects, types of access, etc.)

Revisions

Changes to this standard must be approved by the WPI Governance Committee based on recommendations of WPI Information Technology and the WPI Data Access Working Group.

Revision History

  • June 14, 2009 - Initial Release by Data Access Working Group (DAWG)
  • September 23, 2009 - Approved byGovernance Working Group (GWG)