Security for the data and access to CIRS is the sole responsibility of the campus. In addition to the items below, campuses must follow the procedures outlined in the SCO Information Security Procedures Manual that pertain to accessing the SCO Computer System.
Each campus must establish a CIRS Security Coordinator. The CIRS Security Coordinator is our central contact at the campus and is responsible for authorizing access to CIRS and monitoring the security of the data and equipment. To designate a CIRS Security Coordinator, submit a CIRS003 form, to our office.
The duties of a Security Coordinator include the following:
Signing and overseeing the completion and submission of access, deletion and hardware requests to HR-ISA.
Determining a user's access to Compendium reports, as well as each ad hoc reporting file, and the available fields within each file.
Notifying HR-ISA regarding the deletion of system users, and changes to hardware and security.
Conducting a walk-through of the system with new users to determine all functions are operating correctly.
Disseminating information regarding CIRS to all campus users.
Following the policies and procedures outlined in the SCO Decentralized Security Guidelines (refer to HR/Personnel Records 2003-01 on the Systemwide Human Resources web site).
Annual self-certification of campus compliance with the applicable SCO information security policies.
The CIRS Security Coordinator is responsible for determining a user's access to Compendium reports, as well as ad hoc reporting files and the available fields within each file.
CIRS users can be restricted from accessing Compendium reports at the detail level, category level or at the report code level. If a user requests a restricted group of reports, or a specific report code, a security message will display and access will be denied.
Due to the volume of Compendium reports, restricting usage at the report code level could become a cumbersome task for the coordinator and HR-ISA. It is preferred that the majority of restrictions be kept at the division and category level.
Ad Hoc Reports
CIRS users can be restricted from viewing an entire file, or specific fields in a file. When a restricted field is requested during a FOCUS request, FOCUS will respond that the requested field does not exist.
Though the option of restricting a user to specific fields is available, HR-ISA feels that in the majority of cases restriction at this level would not be used. Becoming too caught up in restrictions could prove to be a cumbersome task for the coordinator and HR-ISA. It is preferred that this level of restriction be kept to a minimum.