Return to accessibility navigation at the top of the page.

Pima County Community College District Standard Practice Guide

SPG Title:  Security Clearance for College Enterprise Resource Planning (ERP) System
SPG Number:  SPG-5702/AE
Effective Date:  11/13/06
Approval Date:  11/13/06
Review Date(s):  5/27/11
Revision Date(s):   5/27/11
Schedule for Review & Update:  May 2014
Unit Responsible for Review & Update:  Information Technology
Sponsoring Unit/Department:  Vice Chancellor for Information Technology
Board Policy Title & No.:  Information Technology Resource Management, BP-5702
Legal Reference:  
Cross Reference:  


Statement of Purpose

The purpose of this SPG is to describe the process of establishing security classifications and steps to obtain clearance to specific functions.

Definitions

A.      The College ERP systems are designed so that access to various functions within the system can be controlled.  This is achieved by assigning security clearances to various functions.  Any individual whose job responsibilities require access to a particular function must be assigned the appropriate security clearance.  The various functions can be grouped into security classifications.  An individual may be given clearance to one or more security classifications.

B.      Data Steward:  Individual responsible for the collection, maintenance, accuracy and completeness of the specified data set(s). 

C.      Module Leader:  Individual responsible for decisions and operational direction as it relates to information technology procedure with the enterprise resource planning system.

Procedures and Responsibilities

A.      Security classifications are developed by the ERP function leaders and database team for review and approval by the associated Data Trustee (SPG-5702/AB).  These are reviewed with each ERP version release to ensure continued applicability based on new and or changed functionality of the system.

B.      The training required for the ERP functions associated with each security classification is identified and individuals must demonstrate proficiency with the material before being assigned clearance.

C.      The request for clearance for an individual must be initiated by the supervisor, who by the request, verifies that the particular clearance is required by the job duties and that the individual has been appropriately trained.

D.      The request for clearance will be reviewed and subject to approval by the function leader(s) with authority for the clearance to the job functions requested.

E.      Approval and security specifications will be transmitted to the District Office of Information Technology for administration of security setup and client notification.