Banner and Related Administrative Systems Security
University Policy Number 1306
Responsible Office: Vice President of Information Technology/CIO
Related Law & Policy:
This policy applies to all George Mason University faculty, staff, students, and others who access Banner and related administrative systems.
II. POLICY STATEMENT
Each position that requires access to Banner and related administrative systems must be granted the minimum level of access needed to perform the specific job duties of the position. Access will be granted only after the requestor has signed a confidentiality statement, the supervisor or other appropriate authority has approved the request, and any prerequisite training has been completed. Access that is no longer necessary will be removed in a timely manner. Documents supporting access requests including confidentiality agreements with approval will be stored in a secure location, whether on paper or in electronic copy.
Banner Security Officer (BSO). A BSO is a University employee who manages access to Banner and related administrative systems.
Banner Security Officer. The BSO is responsible for working with the data steward and department head or designee to design user access, for asking relevant questions in order to minimize unnecessary access, and for approving all user access within his/her Banner module. The BSO is responsible for assigning access based on documented approval and confirmation that any prerequisite training has been completed. The BSO is responsible for reviewing a report of terminated employees twice a month, and for removing any related access. The BSO is responsible for periodically reviewing access changes made in his/her area of responsibility and making the appropriate Data Steward aware of any changes made by an unauthorized user. The BSO is responsible for reviewing and confirming with department heads at least annually, all user IDs with Banner and related administrative systems access. In order to manage access changes in an efficient and timely manner, each BSO may delegate BSO responsibilities as appropriate.
Data Steward. The Data Steward is responsible for assigning the BSO for his/her Banner module or application. Data Stewards are as follows:
Assistant V.P., Enrollment Development/Dean of Admissions
Finance/Student Accounts Receivable: Associate V.P. and Controller
Financial Aid: Director, Student Financial Aid
Human Resources/Payroll: Associate V.P., Human Resources/Payroll
Registrar: University Registrar
Database Support: Director, Database Application Services
Department Head. The department head is responsible for evaluating and documenting the business needs of departmental employees in order to assist with design of Banner and related administrative systems access. The department head is responsible for notifying the security officer of changes in job responsibilities which require access changes, including transfers within the department, transfers within the University, and terminations.
V. EFFECTIVE DATE AND APPROVAL
The policies herein are effective August 1, 2007, and was revised on January 14, 2010. This Administrative Policy shall be reviewed and revised, if necessary, annually to become effective at the beginning of the University’s fiscal year, unless otherwise noted.
Maurice W. Scherrens
Senior Vice President
Peter N. Stearns
Date approved: August 9, 2007
Revised on January 14, 2010
Date of most recent review: January 29, 2013