Banner and Related Administrative Systems Security

Print Friendly, PDF & Email

University Policy Number 1306

Categorized:

Responsible Office:

Policy Procedure:

  • N/A

Related Law & Policy:

  • N/A

I. SCOPE

This policy applies to all George Mason University faculty, staff, students, and others who access Banner and related administrative systems.

II. POLICY STATEMENT

Each position that requires access to Banner and related administrative systems must be granted the minimum level of access needed to perform the specific job duties of the position.  Access will be granted only after the requestor has signed a confidentiality statement, the supervisor or other appropriate authority has approved the request, and any prerequisite training has been completed.  Access that is no longer necessary will be removed in a timely manner.  Documents supporting access requests including confidentiality agreements with approval will be stored in a secure location, whether on paper or in electronic copy.

III. DEFINITIONS

Banner Security Officer (BSO). A BSO is a University employee who manages access to Banner and related administrative systems.

IV. RESPONSIBILITIES

Banner Security Officer. The BSO is responsible for working with the data steward and department head or designee to design user access, for asking relevant questions in order to minimize unnecessary access, and for approving all user access within his/her Banner module.  The BSO is responsible for assigning access based on documented approval and confirmation that any prerequisite training has been completed.  The BSO is responsible for reviewing a report of terminated employees twice a month, and for removing any related access.  The BSO is responsible for periodically reviewing access changes made in his/her area of responsibility and making the appropriate Data Steward aware of any changes made by an unauthorized user.  The BSO is responsible for reviewing and confirming with department heads at least annually, all user IDs with Banner and related administrative systems access.  In order to manage access changes in an efficient and timely manner, each BSO may delegate BSO responsibilities as appropriate.

Data Steward. The Data Steward is responsible for assigning the BSO for his/her Banner module or application.  Data Stewards are as follows:

Admissions:
Assistant V.P., Enrollment Development/Dean of Admissions
Finance/Student Accounts Receivable:  Associate V.P. and Controller
Financial Aid:  Director, Student Financial Aid
Human Resources/Payroll:  Associate V.P., Human Resources/Payroll
Registrar:  University Registrar
Database Support:  Director, Database Application Services

Department Head. The department head is responsible for evaluating and documenting the business needs of departmental employees in order to assist with design of Banner and related administrative systems access.  The department head is responsible for notifying the security officer of changes in job responsibilities which require access changes, including transfers within the department, transfers within the University, and terminations.

V. EFFECTIVE DATE AND APPROVAL

The policies herein are effective August 1, 2007, and was revised on January 14, 2010. This Administrative Policy shall be reviewed and revised, if necessary, annually to become effective at the beginning of the University’s fiscal year, unless otherwise noted.

Approved:

__/S_____________________
Maurice W. Scherrens
Senior Vice President

__/S_____________________
Peter N. Stearns
Provost

Date approved: August 9, 2007

Revised on January 14, 2010

Date of most recent review: January 29, 2013