Banner System Security
Introduction
The University has an obligation to reasonably ensure the financial, human resource, donor, alumni, and student records contained in the Banner enterprise application (Banner) are both accurate and secure. Many faculty and administrative department personnel require access to these records in order to carry out their legitimate work responsibilities.
The authorization and ongoing review of access rights to Banner is required to meet recommendations provided to the University Board and Management by the Provincial Audit Office of Saskatchewan. Therefore the following policy statement and associated roles and responsibilities are required to ensure the University provides employees only the access and update capabilities they require to complete their work assignments.
Policy
The University shall reasonably ensure employees have only the access and update capabilities to the University’s Banner enterprise application (Banner) that are required to allow individual employees to complete their work assignments.
Roles and Responsibilities
General Administration Systems Planning Committee (GASP)
- GASP will form a permanent working subcommittee representing the custodial stakeholders of the main functional areas of Banner including Banner Student, Banner Finance, Banner HR and Banner Advancement.
- The subcommittee members will be made up of representatives from the Registrar’s Office, Financial Services, Human Resources and University Advancement and Communications.
- The subcommittee will annually review a detailed listing of all employees with update rights within Banner specific to their functional areas. Should the committee question an individual’s update rights the head of their faculty or administrative department shall be advised and provided an opportunity to justify such access. If such access is not justified the committee will instruct Information Systems to delete the unjustified update capabilities for the individual in question.
Information Services
- Information Services shall annually provide the current Banner access data and certification statement to each unit. The current Banner access data will include each employee name and any access rights they have to Banner Student, Finance, Human Resources, and Advancement functionality.
Head of each Faculty or Administrative Department or Designate
- The head or designate will, on an annual basis, complete a review of the current Banner Access data for their employees. The current Banner Access data will indicate the access capabilities each employee in their unit has to the Banner application.
- Once the review is completed and any needed corrections identified and sent to Information Services, the head or designate will complete and sign the certification statement indicating the review has taken place and that access to Banner for their employees conforms to assigned work duties. This signed statement will be forwarded to Information Services for retention and review by the Provincial Auditor and a copy retained on file in the faculty or administrative department.
Consequences for Noncompliance
Failure to submit a signed certificate indicating that the review of Banner access is completed as outlined will result in Information Services removing access to Banner. The removal of access will remain in effect until Information Services receives the completed and signed certificate.
Processes
The Banner Access Certification Statement must be signed and submitted by each faculty and administrative department to Information Services prior to the start of each new fiscal year. For example, the Banner Access Certificate Statement for fiscal year 2018-19 would be due by April 30, 2018.
