![[FSU Seal Image] - Return to Home](/design/fsudesign/images/headerFSUSeal.png)
FSU / Controller's Office / Departmental Business Management Guide / Departmental Business Management Guide - Information Systems Access
Departmental Business Management Guide - Information Systems Access
Contents
Overview
The University employs numerous information systems for financial processes, human resources management, student processes, and reporting. In order to maintain effective controls over these systems, access to them must be controlled and monitored. The administration of these systems is maintained by various entities and through a variety of methods, depending on the information system.
- Online Management of Networked Information (OMNI) – Access to OMNI is obtained with an active FSUID and password. Specific roles and functionality within OMNI is obtained by completing the Online Role Request (e-ORR) system in OMNI. A complete guide to this process can be found in the e-ORR job aid on the OMNI Training site.
- Student Systems Accessed from Northwest Regional Data Center (NWRDC) – Access to NWRDC and its various systems is obtained by completing the NWRDC User ID and System Access form, the applicable Application Authorization form (Application Authorization for Student Academic / Admissions Applications Data Screens or Application Authorization for Student Financial / Cashiering Data Screen) and submitting them to Administrative Information Services (AIS).
- Business Objects – Access to Business Objects is obtained by completing the Business Objects Student Data Authorization Request form and submitting it to ERP.
University Guidelines
University policy dictates that departments are responsible for ensuring that access to information systems is granted only to those employees who must use the specific information contained in those systems in the conduct of University business. Departments must designate a Departmental Security Coordinator (DSC) to communicate and coordinate access to information systems for employees in their departments.
Internal Controls
- Ensure information systems are controlled and properly restricted to authorized personnel.
- Routinely review employee security roles and system access to ensure that information systems access is properly restricted to authorized personnel and take prompt action to remove any unauthorized and/or improper access.
- Ensure proper segregation of duties between personnel approving security access and the individuals performing security reviews.
- Routinely review access of departmental personnel to all information systems to ensure that individuals that handle and/or reconcile financial transactions do not also have the ability to record and/or approve these transactions in the University’s information systems.
Departmental Responsibilities
- Ensuring the Departmental Security Coordinator understands his/her responsibilities.
- Impressing upon staff the necessity of preserving confidentiality of University data and ensuring that all employees have signed the Employee Statement of Understanding Regarding Confidentiality.
- Limiting access to information systems to those employees who have job duties requiring such access.
- Periodically monitoring staff information systems access (at least quarterly), ensuring employees have not mistakenly been granted access and employees that have left your department (either via termination or transfer) have had their access removed. OMNI roles can be checked with the FSU_DPT_VERIFY_SECURITY_ROLES query in OMNI Financials and OMNI HR.
- Encouraging staff to periodically change their passwords.
Resources
- OMNI Forms
- OMNI Training
- AIS Data Management and Security Systems information
- Business Objects XI Information
- Data Management and Computer Security Business Manual
