Status: Approved - June 15, 2004
Contact: James Davis
Access and use of the Student Information System "Enrollment" Panel.
This standard is effective August 1, 2004.
The following standard describes the responsible use expected by those given access to the technology resources and services supporting the VCCS Student Information System (SIS). The System Office Information Technology Office has proposed practical guidelines for the application of this standard.
The VCCS provides shared information technology resources and services to faculty, students, staff, and college patrons for activities supporting the VCCS mission. The purpose of this standard is to protect the integrity of VCCS Technology Resources and the users thereof against unauthorized or improper use of those resources. All individuals (VCCS and otherwise) granted access to this panel will be required to follow the guidance documented in this standard.
PeopleSoft provides a special Student Enrollment panel, often described as the "Super" Panel, where all editing and application referential integrity rules normally imposed by PeopleSoft’s Student Administration System is suspended. Anyone authorized to use this panel can make changes to the database and production data without going through validation or verification routines.
It is an accepted best practice that changes to data outside of normal system use, in any production system, must be documented to construct an audit trail for subsequent review. It is also an accepted best practice to limit the numbers of staff permitted such access and to provide specific training regarding specific circumstances when the panel may be used.
Changing production data with a mechanism that suspends all of the data integrity rules is often an easier and quicker alternative to the prescribed methods for affecting changes to production data. Access methods, like the Enrollment Panel, are at risk for potential abuse primarily through well-intentioned misuse. In the extreme, changes to the database using the Enrollment Panel can leave elements of the database in an error state, and the validity and integrity of student and institution data can be compromised.
As a best practice, each college campus will name two qualified individuals
as the primary user of the Enrollment Panel at that campus location. The
college is responsible for ensuring that the individual has all the required
knowledge, training and related skill sets that are required to effectively
administer and use this panel. The college information security officer must
maintain on file for review by the VCCS Internal Audit Office and the VCCS Chief
Information Security Officer the contact information for each person so
designated. In addition, each use of the Enrollment Panel shall be
documented in written and/or electronic form, showing the individual who
initiated the change, the date/time of the change, the purpose of the change and
the state of the table information before/after the change. the state of the
table information before and after use of the Enrollment Panel
to update data in the SIS database. These records shall be stored and
safeguarded in a manner consistent with all applicable records retention
policies and guidelines, and available upon request by the VCCS Director of
Internal Audit or his/her designee.
All exceptions to this standard must be fully documented by the college and that information forwarded to the VCCS Security Officer for verification and review. This information will be reviewed as part of the VCCS Internal Audit Office l review of access controls.