SlideShare a Scribd company logo

Employee Access Termination -- Cause 2011

Download as PPTX, PDF
L
lfranz_nc

We received an Institutional Audit comment regarding termination of access to systems. The finding required immediate termination of access upon severance or leaving employment. A team was formed to address the audit comment, identify a new process, and automate account termination within 24 hours of separation. This presentation will provide: o Background and Overview o Policy Review o Access Termination Process o IT Processes/Functionality o Project Implementation o Summary and Lessons Learned Intended audience: Anyone who might find themselves involved in a similar project someday. The presentation will be geared towards a wide audience. Both functional user and technical user information will be included. Presentation will not delve deeply into the “nitty gritty” of programming, but will include an overview. This information could be useful for an HR consultant, Business Analyst, programmer, or manager.

EducationBusinessTechnology
1 of 43
EMPLOYEE ACCESS TERMINATION PROJECT A whale of a tale…
Agenda • Background and Overview • Policy 95 Review • Access Termination Process • IT Processes/Functionality • EAT Project Implementation • Summary
Overview Background • WCU received an Institutional Audit comment regarding termination of access to systems • State Auditor’s review based on ISO 27002 which requires: Immediate termination of access upon severance or leaving employment • Employee Separations = Access Terminations • A team was formed to address the audit comment, identify a new process, and automate account termination within 24 hours of separation • Project was named EAT (Employee Access Termination)
EAT Project Process and Scope Process: 1. Department notifies HR/Career Services/Financial Aid/Graduate School of separation via appropriate separation paperwork. 2. HR separates the employee’s record accordingly in Banner. 3. Automated process reads employee records in Banner to inactivate accounts on the date provided by the appropriate separation paperwork. Scope: Only addressed access termination Granting access was not included in scope Access still dependent on same procedures (hiring / compliance paperwork required)
Policy 95 Review Existing policy for Data Network Security and Access Control • Revised to reflect the realities and possibilities of automated termination Review and approval occurred at many levels • Executive Council • Internal Audit Policy revision required lots of communication • Deans • Department Heads • Administrative Assistants Policy 95: http://www.wcu.edu/25378.asp
Policy 95 stipulates who, what, how, and when… (the rules)
Accountability for Policy Fulfillment WCU’s Office of Internal Audit Review Perspective: It is the responsibility of each department to provide timely notification of employment and termination to HR. Departmental notifications and personnel processing actions are subject to audit by the University’s Internal Auditor and by external auditors. As such, the timeframes for compliance rest at the departmental level. For audit reporting purposes: Comments are added to Banner when paperwork is received by HR after separation date.
Termination Paperwork: Timeliness and Accountability • Departments need to provide paperwork to HR/Career Services/Financial Aid/Graduate School as soon as possible before last work date • If Termination is ‘last minute’, they can call HR to expedite both employee and access termination • Termination: Last work date = last access date - If paperwork is submitted late to HR and no notification is made prior to last work date, access will continue past true last work date. - If Account Access is terminated retroactively for the employee, it may prompt audit questions. Such questions will be directed to the department for clarification and accountability.
New Terminology and Clear Definition Required Terminations are based on “Last Day of Access” (Last Day in the Chair) • Last Work Date, for WCU, references last day of formal work • Formal Contract dates must incorporate complete date range for required network resource access - Contract dates for fixed term Faculty employees reflect time for course fulfillment past last day of class to allow for final tasks to be completed
Access Termination Process How this affects the campus: • Affects all employees and affiliates - SPA, EPA Non-Teaching, Hourly, etc.  Account Inactivation on last work date - Fixed Term ‘Instructor’ type roles (Adjuncts, Teaching GA’s, Faculty, etc.) Account inactivation on Contract End Date - Tenure Track Faculty Account Inactivation based on individual situation • Any remaining business after an employee separation date or contract end date must be facilitated by Director/Department Head since the employee is no longer affiliated with the University
How Access Termination Affects Employees Non Fixed-Term (SPA and EPA) employees • Last Access date determined by last day of work. • Already managed in Banner. Hourly Employees • Last Access date determined by last day of work. • If hourly employee not paid in 6 weeks will be reviewed for termination Fixed-Term (Contract Driven) Employees • Last Day of Access is determined by Contract dates. • Contract start and end dates have been aligned to match true work dates in Banner.
Non-Fixed Term Based Employees SPA, EPA Non-Faculty, Administrative GA’s, and Hourly No Access Employee Former Employee Last Work Date Last Paycheck Last Access Date Last Work Date = Last Access Date
Fixed Term Based Employees Teaching Employees: Fixed Term Faculty, Graduate TA’s, and Adjuncts • No access allowed when not under contract • Access terminated when not under a contract No Access Under Contract Not Under Contract Contract End Dates to use on contracts supplied by HR and Graduate School
Faculty Continuous Access Access remains intact provided that new contracts and compliance paperwork are processed by HR before the end of contract. Spring Fall Spring (contract) (contract) (contract) No break in access
Faculty Access Between Terms Break in Service occurs when a faculty member does not have a contract between major terms. State Regulations and WCU’s Policy Break in Service 95 on Data and Network Security prohibits access for employees that are not Fall under contract. Spring Spring Therefore access (no is not allowed (contract) (contract) contract) during a break in service.
How Access Termination Affects Instructor of Record Instructor Record • Any Instructor of Record association for Faculty, Adjuncts, and Teaching GA’s is ‘Terminated’ • Existing advising association is ‘Terminated’ Instructor Relationships are Affected • Instructor/Advisor role ended for term (SIAINST) • Instructor removed from incomplete and future sections (SSASECT ) Department Head facilitates any questions regarding students after access is terminated
How Access Termination Affects Email and Network Login • Network login is ‘Terminated’ on Last Day of Access • Email is ‘Terminated’ on Last Day of Access • When Expiration Date is Known Before ‘Termination’, Automated Email Reminders Sent to Employees : – Employees may wish to create an auto-response to inform others of their Last Access Day and alternative contact information prior to their last work date
IT Processes and Functionality Engaged to Facilitate Terminations • Supplemental Data Engine fields - Capture ‘paperwork received date’ to track tardy paperwork and access terminations, which provides audit information • WCU Identity Management Roles utilized - Easily apply termination rules to specific population sets • Event Initiation and Processing - Last Day of Access determines entry into the event processing queue - Access Termination is processed for registered applications - Scalable mechanism for additional automated event and termination processing
Banner Set-up for SDE 4) Run the generated DDL as appropriate user
DDL Creates New View PEAEMPL_ADD view contains existing table elements, plus additional comment fields:
PEAEMPL -- Comment Fields
WCU Roles: What are they? A high level view of our data reveals three basic roles
Role Sub-Components: Each Role (i.e., “STUDENT”) Reveals a Variety of Sub-Roles Intending Student? Future Cullowhee Student? Commuter? STUDENT Former Currently Student? Enrolled? Continuing?
Role Creation: Scalable Mechanism for Identifying, Managing, and Consuming Roles Role Role Memberships Sub-Role Memberships
Role Set-Up Role Validation Table: Rule Definitions for Role Creation:
Example of Role Membership Worker Guests • One role may, or may Cullowhee Commuter Permanent Staff Worker not, be a member of Hourly Staff Worker Temporary Staff Worker other roles All Faculty Adjunct Faculty Worker All Faculty • One role may consist of Faculty Administrative Student All Faculty Worker many combined roles Worker Work Study Administrative Student • One role may be a Non-Work Study Worker Administrative Student member of multiple Worker other roles GA (non-teaching, non-lab) Administrative Student Worker
Role Maintenance • Individual role • PLSQL packages memberships are written to utilize role activated/in-activated definition rules to every two hours, based create/maintain role upon data changes in populations Banner, our system of record • Populations refreshed • One individual may via UC4 (AppWorx) belong to multiple batch processing jobs roles concurrently
Sample Person Look-Up Report Utilizing Role Information …
Roles Provide: • Precise definition  understanding • Stability of populations  error reduction • Single source of data sameness across systems • Auditing information policy enforcement – Banner data drives role membership – Banner data drives access control
Sample Role Selection (used in BlackBoard Integration) WITH BB_Users AS (SELECT * FROM TABLE (wcuidm.f_group_members ('E')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('35')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('SA')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('8'))) Role Codes
WCU Identity Management Roles • Easy to figure out problems and solutions • Wide application for use campus-wide PeopleAdmin Active Online Directory Directory (synced with Outlook) Pawprint Reports Identity Management (PersonLookup, Security Groups New Hires, and Distribution Terminations) Lists LMS Portal (Luminis) (Blackboard)
Event Initiation, Fulfillment and Processing
Events: Process and Timing • Processing Runs Daily at 1am • Individuals in Active Roles, with access expiration as of previous date, are placed in the queue for termination • Registered applications are processed against each event termination • Backup data is archived • Detailed outcomes are logged • Event processing is auditable and reportable
Events: Timing and Human Error • Recognizing we are all human, we allowed for inevitable unintended consequences… • One caveat was built into the processing to allow for human error and paperwork timeliness – Seven-day window for automated “un-termination”  Paperwork was a day late  “Fat-finger” on the keyboard resulted in incorrect update
Event Processing Report Samples Instructor Associations – Useful for Departments
Upcoming Terminations Departments can subscribe to reports to track known, upcoming terminations. This is helpful for getting paperwork in on time.
Event Queue Summary Useful for Audit and Internal Control
Event Log Details Per Registered Application Useful for Audit and Internal Control
Project Magnitude and Resources • Upper level support (multiple project demands) • Subject Matter Experts involved for expertise and judgment calls (HR, IT, Project Management; others as needed: Departments, Registrar, etc.) • Time commitment (2 hr meetings/twice weekly, independent work time) • Complexity (policy, rules, process, data) • Reporting to the Executive Council weekly • End user training to departmental users, as well as internal users (i.e. help desk) • Communication Plan campus wide
Project Timeline • Project kickoff in November • Initial request for Go-Live: January • Complexities, communication, holiday timing, policy changes, program spec and development, and thorough testing demanded longer timeline • Revised Go-Live: March • Implemented in Audit mode in PROD: February 8 • Implemented in Update mode in PROD: March 1 • Continued communication, as well as minor program and reporting revisions during March • Final Project Wrap-Up: early April
Lessons Learned • Clearly defined business practices and policies are crucial • Continuous education is necessary for management turnover • “Panic control” can be managed by having solid business practices in place for problem investigation and resolution when possible issues arise • Change is difficult; education is key
Summary • Audit defensible system – Revising policies to meet auditor and WCU business practices – Clarifying early access / late access based on stakeholders/audit requirements • Created efficiencies • Provide timely service to campus • Accountability
Conclusion "Change is hard because people overestimate the value of what they have—and underestimate the value of what they may gain by giving that up." - James Belasco and Ralph Stayer Flight of the Buffalo (1994)

Recommended

Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Employment termination
Employment terminationEmployment termination
Employment terminationMaria Cristina Payofelin
 
Termination process and procedures - Power Point
Termination process and procedures - Power PointTermination process and procedures - Power Point
Termination process and procedures - Power PointLaura Lee
 
Active Directory Training
Active Directory TrainingActive Directory Training
Active Directory TrainingNishad Sukumaran
 
Leave management system
Leave management systemLeave management system
Leave management systemAyushi Gaur
 
Oracle Time and Labor
Oracle Time and LaborOracle Time and Labor
Oracle Time and LaborAXIA Consulting Inc.
 
Payroll Time Reporting Final
Payroll Time Reporting FinalPayroll Time Reporting Final
Payroll Time Reporting Finalmayurvador1985
 
Impro
ImproImpro
Improabhishek4official
 

Recommended

Active Directory Services
Active Directory ServicesActive Directory Services
Active Directory ServicesVarun Arora
 
Employment termination
Employment terminationEmployment termination
Employment terminationMaria Cristina Payofelin
 
Termination process and procedures - Power Point
Termination process and procedures - Power PointTermination process and procedures - Power Point
Termination process and procedures - Power PointLaura Lee
 
Active Directory Training
Active Directory TrainingActive Directory Training
Active Directory TrainingNishad Sukumaran
 
Leave management system
Leave management systemLeave management system
Leave management systemAyushi Gaur
 
Oracle Time and Labor
Oracle Time and LaborOracle Time and Labor
Oracle Time and LaborAXIA Consulting Inc.
 
Payroll Time Reporting Final
Payroll Time Reporting FinalPayroll Time Reporting Final
Payroll Time Reporting Finalmayurvador1985
 
Impro
ImproImpro
Improabhishek4official
 
IMPRO
IMPROIMPRO
IMPROAbhishek Kumar
 
Residential safety office_business analysis_project
Residential safety office_business analysis_projectResidential safety office_business analysis_project
Residential safety office_business analysis_projectNilesh Padwal
 
Timeginee Presentation.pptx
Timeginee Presentation.pptxTimeginee Presentation.pptx
Timeginee Presentation.pptxMarkLloydBiar
 
GROUP -G.pptx
GROUP -G.pptxGROUP -G.pptx
GROUP -G.pptxsuper561
 
IRJET - Faculty Leave Management System
IRJET - Faculty Leave Management SystemIRJET - Faculty Leave Management System
IRJET - Faculty Leave Management SystemIRJET Journal
 
time tracking tools for remote work.pptx
time tracking tools for remote work.pptxtime tracking tools for remote work.pptx
time tracking tools for remote work.pptxMitchell Marsh
 
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02Durga Prasad Mishra
 
Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015UO-AcademicAffairs
 
Attrition Cost Calculation
Attrition Cost CalculationAttrition Cost Calculation
Attrition Cost CalculationAmit Kumar Nayak
 
Presentation Slides of College Management System Report
Presentation Slides of College Management System ReportPresentation Slides of College Management System Report
Presentation Slides of College Management System ReportMuhammadHusnainRaza
 
Praveen Kumar
Praveen KumarPraveen Kumar
Praveen KumarPRAVEEN KUMAR
 
3 payroll-presentation
3 payroll-presentation3 payroll-presentation
3 payroll-presentationAcel Carl David O, Dolindo
 
Sujithra_ Resume
Sujithra_ ResumeSujithra_ Resume
Sujithra_ ResumeSujithra Nair
 
A Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International UniversityA Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International UniversityFaiyaz Naveed
 
Proposal DMS
Proposal DMS Proposal DMS
Proposal DMS Media-Mosaic
 
CQ/VMS Global Presentation
CQ/VMS Global PresentationCQ/VMS Global Presentation
CQ/VMS Global Presentationangelodanielrossi
 
Increase your resource capacity without hiring ppt
Increase your resource capacity without hiring pptIncrease your resource capacity without hiring ppt
Increase your resource capacity without hiring pptp6academy
 
Empower Employees with New Generation HRMS
Empower Employees with New Generation HRMSEmpower Employees with New Generation HRMS
Empower Employees with New Generation HRMSRahel Tribhuvan
 
Project management overview
Project management overviewProject management overview
Project management overviewBudi Setiawan
 
Automating batch degree audit processing
Automating batch degree audit processingAutomating batch degree audit processing
Automating batch degree audit processingjofsink
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 

More Related Content

Similar to Employee Access Termination -- Cause 2011

Residential safety office_business analysis_project
Residential safety office_business analysis_projectResidential safety office_business analysis_project
Residential safety office_business analysis_projectNilesh Padwal
 
Timeginee Presentation.pptx
Timeginee Presentation.pptxTimeginee Presentation.pptx
Timeginee Presentation.pptxMarkLloydBiar
 
GROUP -G.pptx
GROUP -G.pptxGROUP -G.pptx
GROUP -G.pptxsuper561
 
IRJET - Faculty Leave Management System
IRJET - Faculty Leave Management SystemIRJET - Faculty Leave Management System
IRJET - Faculty Leave Management SystemIRJET Journal
 
time tracking tools for remote work.pptx
time tracking tools for remote work.pptxtime tracking tools for remote work.pptx
time tracking tools for remote work.pptxMitchell Marsh
 
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02Durga Prasad Mishra
 
Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015UO-AcademicAffairs
 
Attrition Cost Calculation
Attrition Cost CalculationAttrition Cost Calculation
Attrition Cost CalculationAmit Kumar Nayak
 
Presentation Slides of College Management System Report
Presentation Slides of College Management System ReportPresentation Slides of College Management System Report
Presentation Slides of College Management System ReportMuhammadHusnainRaza
 
A Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International UniversityA Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International UniversityFaiyaz Naveed
 
Increase your resource capacity without hiring ppt
Increase your resource capacity without hiring pptIncrease your resource capacity without hiring ppt
Increase your resource capacity without hiring pptp6academy
 
Empower Employees with New Generation HRMS
Empower Employees with New Generation HRMSEmpower Employees with New Generation HRMS
Empower Employees with New Generation HRMSRahel Tribhuvan
 
Project management overview
Project management overviewProject management overview
Project management overviewBudi Setiawan
 
Automating batch degree audit processing
Automating batch degree audit processingAutomating batch degree audit processing
Automating batch degree audit processingjofsink
 

Similar to Employee Access Termination -- Cause 2011 (20)

IMPRO
IMPROIMPRO
IMPRO
 
Residential safety office_business analysis_project
Residential safety office_business analysis_projectResidential safety office_business analysis_project
Residential safety office_business analysis_project
 
Timeginee Presentation.pptx
Timeginee Presentation.pptxTimeginee Presentation.pptx
Timeginee Presentation.pptx
 
GROUP -G.pptx
GROUP -G.pptxGROUP -G.pptx
GROUP -G.pptx
 
IRJET - Faculty Leave Management System
IRJET - Faculty Leave Management SystemIRJET - Faculty Leave Management System
IRJET - Faculty Leave Management System
 
time tracking tools for remote work.pptx
time tracking tools for remote work.pptxtime tracking tools for remote work.pptx
time tracking tools for remote work.pptx
 
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
SYSTEM LIFE CYCLE_DurgaPrasad_TA Assignemnt 02
 
Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015Promotion to Full Professor April 21, 2015
Promotion to Full Professor April 21, 2015
 
Attrition Cost Calculation
Attrition Cost CalculationAttrition Cost Calculation
Attrition Cost Calculation
 
Presentation Slides of College Management System Report
Presentation Slides of College Management System ReportPresentation Slides of College Management System Report
Presentation Slides of College Management System Report
 
Praveen Kumar
Praveen KumarPraveen Kumar
Praveen Kumar
 
3 payroll-presentation
3 payroll-presentation3 payroll-presentation
3 payroll-presentation
 
Sujithra_ Resume
Sujithra_ ResumeSujithra_ Resume
Sujithra_ Resume
 
A Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International UniversityA Brief View on HR Policies and Practices of Daffodil International University
A Brief View on HR Policies and Practices of Daffodil International University
 
Proposal DMS
Proposal DMS Proposal DMS
Proposal DMS
 
CQ/VMS Global Presentation
CQ/VMS Global PresentationCQ/VMS Global Presentation
CQ/VMS Global Presentation
 
Increase your resource capacity without hiring ppt
Increase your resource capacity without hiring pptIncrease your resource capacity without hiring ppt
Increase your resource capacity without hiring ppt
 
Empower Employees with New Generation HRMS
Empower Employees with New Generation HRMSEmpower Employees with New Generation HRMS
Empower Employees with New Generation HRMS
 
Project management overview
Project management overviewProject management overview
Project management overview
 
Automating batch degree audit processing
Automating batch degree audit processingAutomating batch degree audit processing
Automating batch degree audit processing
 

Recently uploaded

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Recently uploaded (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Employee Access Termination -- Cause 2011

  • 1. EMPLOYEE ACCESS TERMINATION PROJECT A whale of a tale…
  • 2. Agenda • Background and Overview • Policy 95 Review • Access Termination Process • IT Processes/Functionality • EAT Project Implementation • Summary
  • 3. Overview Background • WCU received an Institutional Audit comment regarding termination of access to systems • State Auditor’s review based on ISO 27002 which requires: Immediate termination of access upon severance or leaving employment • Employee Separations = Access Terminations • A team was formed to address the audit comment, identify a new process, and automate account termination within 24 hours of separation • Project was named EAT (Employee Access Termination)
  • 4. EAT Project Process and Scope Process: 1. Department notifies HR/Career Services/Financial Aid/Graduate School of separation via appropriate separation paperwork. 2. HR separates the employee’s record accordingly in Banner. 3. Automated process reads employee records in Banner to inactivate accounts on the date provided by the appropriate separation paperwork. Scope: Only addressed access termination Granting access was not included in scope Access still dependent on same procedures (hiring / compliance paperwork required)
  • 5. Policy 95 Review Existing policy for Data Network Security and Access Control • Revised to reflect the realities and possibilities of automated termination Review and approval occurred at many levels • Executive Council • Internal Audit Policy revision required lots of communication • Deans • Department Heads • Administrative Assistants Policy 95: http://www.wcu.edu/25378.asp
  • 6. Policy 95 stipulates who, what, how, and when… (the rules)
  • 7. Accountability for Policy Fulfillment WCU’s Office of Internal Audit Review Perspective: It is the responsibility of each department to provide timely notification of employment and termination to HR. Departmental notifications and personnel processing actions are subject to audit by the University’s Internal Auditor and by external auditors. As such, the timeframes for compliance rest at the departmental level. For audit reporting purposes: Comments are added to Banner when paperwork is received by HR after separation date.
  • 8. Termination Paperwork: Timeliness and Accountability • Departments need to provide paperwork to HR/Career Services/Financial Aid/Graduate School as soon as possible before last work date • If Termination is ‘last minute’, they can call HR to expedite both employee and access termination • Termination: Last work date = last access date - If paperwork is submitted late to HR and no notification is made prior to last work date, access will continue past true last work date. - If Account Access is terminated retroactively for the employee, it may prompt audit questions. Such questions will be directed to the department for clarification and accountability.
  • 9. New Terminology and Clear Definition Required Terminations are based on “Last Day of Access” (Last Day in the Chair) • Last Work Date, for WCU, references last day of formal work • Formal Contract dates must incorporate complete date range for required network resource access - Contract dates for fixed term Faculty employees reflect time for course fulfillment past last day of class to allow for final tasks to be completed
  • 10. Access Termination Process How this affects the campus: • Affects all employees and affiliates - SPA, EPA Non-Teaching, Hourly, etc.  Account Inactivation on last work date - Fixed Term ‘Instructor’ type roles (Adjuncts, Teaching GA’s, Faculty, etc.) Account inactivation on Contract End Date - Tenure Track Faculty Account Inactivation based on individual situation • Any remaining business after an employee separation date or contract end date must be facilitated by Director/Department Head since the employee is no longer affiliated with the University
  • 11. How Access Termination Affects Employees Non Fixed-Term (SPA and EPA) employees • Last Access date determined by last day of work. • Already managed in Banner. Hourly Employees • Last Access date determined by last day of work. • If hourly employee not paid in 6 weeks will be reviewed for termination Fixed-Term (Contract Driven) Employees • Last Day of Access is determined by Contract dates. • Contract start and end dates have been aligned to match true work dates in Banner.
  • 12. Non-Fixed Term Based Employees SPA, EPA Non-Faculty, Administrative GA’s, and Hourly No Access Employee Former Employee Last Work Date Last Paycheck Last Access Date Last Work Date = Last Access Date
  • 13. Fixed Term Based Employees Teaching Employees: Fixed Term Faculty, Graduate TA’s, and Adjuncts • No access allowed when not under contract • Access terminated when not under a contract No Access Under Contract Not Under Contract Contract End Dates to use on contracts supplied by HR and Graduate School
  • 14. Faculty Continuous Access Access remains intact provided that new contracts and compliance paperwork are processed by HR before the end of contract. Spring Fall Spring (contract) (contract) (contract) No break in access
  • 15. Faculty Access Between Terms Break in Service occurs when a faculty member does not have a contract between major terms. State Regulations and WCU’s Policy Break in Service 95 on Data and Network Security prohibits access for employees that are not Fall under contract. Spring Spring Therefore access (no is not allowed (contract) (contract) contract) during a break in service.
  • 16. How Access Termination Affects Instructor of Record Instructor Record • Any Instructor of Record association for Faculty, Adjuncts, and Teaching GA’s is ‘Terminated’ • Existing advising association is ‘Terminated’ Instructor Relationships are Affected • Instructor/Advisor role ended for term (SIAINST) • Instructor removed from incomplete and future sections (SSASECT ) Department Head facilitates any questions regarding students after access is terminated
  • 17. How Access Termination Affects Email and Network Login • Network login is ‘Terminated’ on Last Day of Access • Email is ‘Terminated’ on Last Day of Access • When Expiration Date is Known Before ‘Termination’, Automated Email Reminders Sent to Employees : – Employees may wish to create an auto-response to inform others of their Last Access Day and alternative contact information prior to their last work date
  • 18. IT Processes and Functionality Engaged to Facilitate Terminations • Supplemental Data Engine fields - Capture ‘paperwork received date’ to track tardy paperwork and access terminations, which provides audit information • WCU Identity Management Roles utilized - Easily apply termination rules to specific population sets • Event Initiation and Processing - Last Day of Access determines entry into the event processing queue - Access Termination is processed for registered applications - Scalable mechanism for additional automated event and termination processing
  • 19. Banner Set-up for SDE 4) Run the generated DDL as appropriate user
  • 20. DDL Creates New View PEAEMPL_ADD view contains existing table elements, plus additional comment fields:
  • 22. WCU Roles: What are they? A high level view of our data reveals three basic roles
  • 23. Role Sub-Components: Each Role (i.e., “STUDENT”) Reveals a Variety of Sub-Roles Intending Student? Future Cullowhee Student? Commuter? STUDENT Former Currently Student? Enrolled? Continuing?
  • 24. Role Creation: Scalable Mechanism for Identifying, Managing, and Consuming Roles Role Role Memberships Sub-Role Memberships
  • 25. Role Set-Up Role Validation Table: Rule Definitions for Role Creation:
  • 26. Example of Role Membership Worker Guests • One role may, or may Cullowhee Commuter Permanent Staff Worker not, be a member of Hourly Staff Worker Temporary Staff Worker other roles All Faculty Adjunct Faculty Worker All Faculty • One role may consist of Faculty Administrative Student All Faculty Worker many combined roles Worker Work Study Administrative Student • One role may be a Non-Work Study Worker Administrative Student member of multiple Worker other roles GA (non-teaching, non-lab) Administrative Student Worker
  • 27. Role Maintenance • Individual role • PLSQL packages memberships are written to utilize role activated/in-activated definition rules to every two hours, based create/maintain role upon data changes in populations Banner, our system of record • Populations refreshed • One individual may via UC4 (AppWorx) belong to multiple batch processing jobs roles concurrently
  • 28. Sample Person Look-Up Report Utilizing Role Information …
  • 29. Roles Provide: • Precise definition  understanding • Stability of populations  error reduction • Single source of data sameness across systems • Auditing information policy enforcement – Banner data drives role membership – Banner data drives access control
  • 30. Sample Role Selection (used in BlackBoard Integration) WITH BB_Users AS (SELECT * FROM TABLE (wcuidm.f_group_members ('E')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('35')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('SA')) UNION SELECT * FROM TABLE (wcuidm.f_group_members ('8'))) Role Codes
  • 31. WCU Identity Management Roles • Easy to figure out problems and solutions • Wide application for use campus-wide PeopleAdmin Active Online Directory Directory (synced with Outlook) Pawprint Reports Identity Management (PersonLookup, Security Groups New Hires, and Distribution Terminations) Lists LMS Portal (Luminis) (Blackboard)
  • 33. Events: Process and Timing • Processing Runs Daily at 1am • Individuals in Active Roles, with access expiration as of previous date, are placed in the queue for termination • Registered applications are processed against each event termination • Backup data is archived • Detailed outcomes are logged • Event processing is auditable and reportable
  • 34. Events: Timing and Human Error • Recognizing we are all human, we allowed for inevitable unintended consequences… • One caveat was built into the processing to allow for human error and paperwork timeliness – Seven-day window for automated “un-termination”  Paperwork was a day late  “Fat-finger” on the keyboard resulted in incorrect update
  • 35. Event Processing Report Samples Instructor Associations – Useful for Departments
  • 36. Upcoming Terminations Departments can subscribe to reports to track known, upcoming terminations. This is helpful for getting paperwork in on time.
  • 37. Event Queue Summary Useful for Audit and Internal Control
  • 38. Event Log Details Per Registered Application Useful for Audit and Internal Control
  • 39. Project Magnitude and Resources • Upper level support (multiple project demands) • Subject Matter Experts involved for expertise and judgment calls (HR, IT, Project Management; others as needed: Departments, Registrar, etc.) • Time commitment (2 hr meetings/twice weekly, independent work time) • Complexity (policy, rules, process, data) • Reporting to the Executive Council weekly • End user training to departmental users, as well as internal users (i.e. help desk) • Communication Plan campus wide
  • 40. Project Timeline • Project kickoff in November • Initial request for Go-Live: January • Complexities, communication, holiday timing, policy changes, program spec and development, and thorough testing demanded longer timeline • Revised Go-Live: March • Implemented in Audit mode in PROD: February 8 • Implemented in Update mode in PROD: March 1 • Continued communication, as well as minor program and reporting revisions during March • Final Project Wrap-Up: early April
  • 41. Lessons Learned • Clearly defined business practices and policies are crucial • Continuous education is necessary for management turnover • “Panic control” can be managed by having solid business practices in place for problem investigation and resolution when possible issues arise • Change is difficult; education is key
  • 42. Summary • Audit defensible system – Revising policies to meet auditor and WCU business practices – Clarifying early access / late access based on stakeholders/audit requirements • Created efficiencies • Provide timely service to campus • Accountability
  • 43. Conclusion "Change is hard because people overestimate the value of what they have—and underestimate the value of what they may gain by giving that up." - James Belasco and Ralph Stayer Flight of the Buffalo (1994)