UC IRVINE ADMINISTRATIVE POLICIES AND PROCEDURES
Business and Financial Affairs
Computing and Information Systems
Sec. 714-15: Policy on Access to University Administrative Information Systems
Responsible Administrator: Assistant Vice Chancellor - Information Technology
Revised: August 2006
References / Resources
- State of California Information Practices Act of 1977 (IPA)
- UC Business and Finance Bulletin
- UCI Administrative Policies & Procedures
- Section 714-16, Procedures for Accessing University Administrative Information Systems
- Section 714-17, Using University Administrative Information Systems
- Section 714-18, Computer and Network Use Policy
- Section 720-10, Information from Public Records (California Public Records Act) - Guidelines
- Section 720-11, Privacy of and Access to Information (Excluding Student Records) - Guidelines
Contact: Office of Information Technology HelpDesk at (949) 824-8500 or HelpDesk@uci.edu
Office of Information Technology (OIT) is responsible for providing and maintaining access to administrative information systems (applications) that facilitate the University's business processes. Major systems responsibility includes payroll/personnel, purchasing, accounts payable, general ledger and associated financial systems, equipment management, student billing, the data warehouse and the campus administrative portal. On-line access is available via individual desktop computers for most systems. Training is available on an ongoing basis.
B. Policies for Access
Access to the University's administrative information systems is provided to those employees who have a demonstrated need for access to accomplish their job duties. Department heads designate a Departmental Security Administrator (DSA) who may grant access to administrative information systems for the organizational hierarchy (hierarchies) for which they are responsible.
C. Data Privacy
Some of the data contained in the University's administrative information systems may be defined as personal or confidential under the University's policy and the State of California Information Practices Act of 1977 (IPA).
The references to personal and confidential information in the UCI Administrative Policies & Procedures are for the employee's information but may not specify all the computer use standards, the University's policy and procedures, and state and federal laws by which an employee is governed.
It is the responsibility of individual users to access and use data in accordance with the University's policy and the State of California Information Practices Act of 1977. For more specific information, refer to the references shown above or contact the campus Information Practices Coordinator at (949) 824-7151.
D. User's Responsibilities
Individual users acknowledge that they understand, and assent to adhere to the conditions of Office of Information Technology ' Computer Security and Use Agreement when they establish a login ID using e-Login. Specifically, an employee acknowledges an understanding of and agreement to adhere to the following:
- The logon ID is considered equivalent to a signature and the individual is responsible for all entries made under that logon ID.
- Updates to the system and changes in system data are to be made in a manner that is consistent with the University policies and procedures that govern the particular action to be changed.
- Computing resources are to be used only for the legitimate University business that an employee has been explicitly authorized to perform as stated in his/her job description.
- It is against the University's policy to pursue or use the University's records including, but not limited to, confidential information for personal interest or advantage.
- Proper password security is to be maintained by not revealing passwords to anyone.
- Security is to be maintained by not providing anyone access to or use of the University's information systems maintained by Office of Information Technology.
- Proper physical security is to be maintained by not leaving a workstation/terminal unattended while logged in to the University's systems.
- The privacy and confidentiality of all accessible data is to be maintained and it is understood that unauthorized disclosure of personal/confidential information is an invasion of privacy and may result in disciplinary, civil and/or criminal actions against an individual.
- Suspected security violations will be reported to Office of Information Technology.
- Under existing California state law, any person who maliciously accesses, alters, deletes, damages or destroys any computer system, network, computer program or data shall be guilty of a felony.
- References to personal and confidential information in the UCI Administrative Policies & Procedures and the Computer Security and Use Agreement are for the employee's information but may not specify all computer use standards, University policy and procedures, and state and federal laws by which employees are governed.
Failure to comply with these policies, rules and regulations may result in disciplinary action, up to and including dismissal. Any violation of local, state or federal laws may carry the additional consequence of prosecution under the law, where judicial action may result in specific fines or imprisonment, or both; plus the costs of litigation or the payment of damages or both; or all. The University will take the strongest actions possible in the case of any breach of these agreements.
E. Departmental Responsibilities
- Department Heads
It is the responsibility of the department head to insure that appropriate access to administrative applications is granted to their employees and to other campus employees who have a demonstrable need for such access to accomplish their job duties. All access requests will originate from the employee's supervisor and/or department head using the Access Approval Request Form in SAMS. This form will send the access request to the DSA. The department head may assign responsibility to one or more DSAs in their unit for the management of security access rights to campus administrative information systems.
- Departmental Security Administrators
The DSA will use the Security Access Maintenance System (SAMS) to acknowledge and agree to the contents of the DSA Enrollment and Computer Security Use Contract. The DSA will use SAMS to allow access to administrative information systems for their specific organizational hierarchies and to promptly remove access rights for their staff members who no longer require access to administrative systems. The DSA will acknowledge an understanding of and agreement to the following:
- Security access rights will be granted to campus administrative systems only for legitimate University business.
- Security access rights will not be granted for one's self.
- Security access rights will be granted to specific administrative systems only for those staff members who have explicit need of those systems in order to perform their assigned job duties.
- Security access rights to specific (or all) administrative systems will be removed promptly for staff members whose assigned job duties have changed and who no longer require access to the specified campus administrative systems.
- DSAs will provide access to and use of campus administrative systems only through their role as a DSA.
For further information, contact the Office of Information Technology HelpDesk at (949) 824-8500 or HelpDesk@uci.edu.