Security Coordinator Designation and Restrictions

Security for the data and access to CIRS is the sole responsibility of the campus.  In addition to the items below, campuses must follow the procedures outlined in the SCO Information Security Procedures Manual​ that pertain to accessing the SCO Computer System.   ​

Security Coordinator

Each campus must establish a CIRS Security Coordinator. The CIRS Security Coordinator is our central contact at the campus and is responsible for authorizing access to CIRS and monitoring the security of the data and equipment.  To designate a CIRS Security Coordinator, submit a CIRS003 form, to our office.

 

The duties of a Security Coordinator include the following:

    • Signing and overseeing the completion and submission of access, deletion, and hardware requests to HR-ISA.
    • Determining a user's access to Compendium reports, as well as each ad hoc reporting file, and the available fields within each file. 
    • Notifying HR-ISA regarding the deletion of system users, and changes to hardware and security.
    • Conducting a walk-through of the system with new users to determine all functions are operating correctly.
    • Disseminating information regarding CIRS to all campus users.    
    • Following the policies and procedures outlined in the  SCO Decentralized Security Guidelines (refer to HR/Personn​​el Records 2003-01 on the Systemwide Human Resources web site).  
    • ​Annual self-certification of campus compliance with the applicable SCO information security policies.​

​Security Restrictions

The CIRS Security Coordinator is responsible for determining a user's access to Compendium reports, as well as ad hoc reporting files and the available fields within each file.   


Compendium Reports:

    • CIRS users can be restricted from accessing Compendium reports at the detail level, category level or at the report code level.  If a user requests a restricted group of reports, or a specific report code, a security message will display and access will be denied.
    • Due to the volume of Compendium reports, restricting usage at the report code level could become a cumbersome task for the coordinator and HR-ISA.  It is preferred that the majority of restrictions be kept at the division and category level.  

Ad Hoc Reports:

    • CIRS users can be restricted from viewing an entire file, or specific fields in a file.  When a restricted field is requested during a FOCUS request, FOCUS will respond that the requested field does not exist.
    • Though the option of restricting a user to specific fields is available, HR-Data Operations feels that in the majority of cases restriction at this level would not be used.  Becoming too caught up in restrictions could prove to be a cumbersome task for the coordinator and HR-Data Operations.  It is preferred that this level of restriction be kept to a minimum.

Last Updated: February 13, 2024