Information Technology Division
Computing & Communications Center

Data Access Audit Standard

Purpose

The purpose of this standard is to provide the framework/process by which Data Stewards and Data Owners annually review and approve access granted to all Banner Database Environments, for the Access Audit. Further, this standard is directly related to the Data Access Qualification Standard and should serve as a checks and balances for assessing risk via current access.


Goals

To establish a method by which access to the Banner system (in a production environment or other) is reviewed on an annual basis thereby affirming the original granting of access.


Scope

This standard includes all Banner Database Environments, the ODS (Operational Data Store) and the EDW (Enterprise Data Warehouse). Data Stewards are responsible for the review of all Banner Classes in Banner Production, all Oracle Roles and all ODS Classes and Roles.


Standard

Data Stewards and Data Owners should use the following guidelines and process when conducting the Annual Access Audit:

Data Stewards and Data Owners should use the auditing tools provided (Banner Self-Service Security Menu).

  1. Data Steward Responsibilities:
  2. Data Owners Responsilibities:
  3. Data Access Administrator's Responsibilities:

All changes will be recorded in the database with a date stamp indicating the last time the Class or Role was adjusted. Audits following the initial audit using the web tools will only involve Classes and Roles where some element has changed (members, objects, types of access, etc.)


Revisions

Changes to this standard must be approved by the WPI Governance Committee based on recommendations of WPI Information Technology and the WPI Data Access Working Group.


Revision History

Maintained by itweb
Last modified: Oct 18, 2009, 22:23 EDT
[WPI] [CCC] [Top]