Security for the data and access to CIRS is the sole
responsibility of the campus. In addition to the items below, campuses
must follow the procedures outlined in the SCO Information Security Procedures Manual that
pertain to accessing the SCO Computer System.
Security Coordinator
Each campus must establish a CIRS Security Coordinator. The
CIRS Security Coordinator is our central contact at the campus and is
responsible for authorizing access to CIRS and monitoring the security of the
data and equipment. To designate a CIRS Security Coordinator, submit
a CIRS003 form,
to our office.
The duties of a Security Coordinator include the following:
- Signing and overseeing the completion and submission of
access, deletion, and hardware requests to HR-ISA.
- Determining a user's access to Compendium reports, as
well as each ad hoc reporting file, and the available fields within each
file.
- Notifying HR-ISA regarding the deletion of system users,
and changes to hardware and security.
- Conducting a walk-through of the system with new users
to determine all functions are operating correctly.
- Disseminating information regarding CIRS to all campus
users.
- Following the policies and procedures
outlined in the SCO Decentralized Security Guidelines (refer
to HR/Personnel Records 2003-01 on the
Systemwide Human Resources web site).
- Annual self-certification of campus compliance with the
applicable SCO information security policies.
Security Restrictions
The CIRS Security Coordinator is responsible for determining a
user's access to Compendium reports, as well as ad hoc reporting files and the
available fields within each file.
Compendium Reports:
- CIRS users can be restricted from accessing Compendium
reports at the detail level, category level or at the report code level.
If a user requests a restricted group of reports, or a specific
report code, a security message will display and access will be denied.
- Due to the volume of Compendium reports, restricting
usage at the report code level could become a cumbersome task for the
coordinator and HR-ISA. It is preferred that the majority of
restrictions be kept at the division and category level.
Ad Hoc Reports:
- CIRS users can be restricted from viewing an entire
file, or specific fields in a file. When a restricted field is
requested during a FOCUS request, FOCUS will respond that the requested
field does not exist.
- Though the option of restricting a user to specific
fields is available, HR-Data Operations feels that in the majority of cases
restriction at this level would not be used. Becoming too caught up
in restrictions could prove to be a cumbersome task for the coordinator
and HR-Data Operations. It is preferred that this level of restriction be kept
to a minimum.
Last Updated: February 13, 2024