Banner System Security

Category: Operations
Number: OPS-050-030
Audience: All University employees
Revised: August 08, 2013
Owner(s): AVP (Information Services)
Approved by: VP (Administration)
Contact: Director, Customer Applications 306-585-5490

Introduction

The University has an obligation to reasonably ensure the financial, human resource, donor, alumni, and student records contained in Banner enterprise application (Banner) are both accurate and secure.  Many faculty and administrative department personnel require access to these records in order to carry out their legitimate work responsibilities.

The authorization and ongoing review of access rights to Banner is required to meet recommendations provided to the University Board and Management by the Provincial Audit Office of Saskatchewan. Therefore the following policy statement and associated roles and responsibilities are required to ensure the University provides staff only the access and update capabilities they require to complete their work assignments.

Policy

The University shall reasonably ensure faculty and staff have only the access and update capabilities to the University’s Banner enterprise application (Banner) that are required to allow individual faculty and staff to complete their work assignments.

Roles and Responsibilities

General Administration Systems Planning Committee (GASP)

  • GASP will form a permanent working subcommittee representing the custodial stakeholders of the main functional areas of Banner including Banner Student, Banner Finance, Banner HR and Banner Advancement.
  • The subcommittee members will be made up of representatives from the Registrar’s Office, Financial Services, Human Resources and External Relations – Advancement Services.
  • The subcommittee will annually review a detailed listing of all staff with update rights within Banner specific to their functional areas. Should the committee question an individual’s update rights the head of their faculty or administrative department shall be advised and provided an opportunity to justify such access. If such access is not justified the committee will instruct Information Systems to delete the unjustified update capabilities for the individual in question.

Information Services

  • Information Services shall annually provide the current Banner access data and certification statement to each unit. The current Banner access data will include each faculty and staff member name and any access rights they have to Banner Student, Finance, Human Resources, and Advancement functionality.

Head of each Faculty or Administrative Department or Designate

  • The head or designate will, on an annual basis, complete a review of the current Banner Access data for their faculty and staff. The current Banner Access data will indicate the access capabilities each faculty or staff person in their unit has to the Banner application.
  • Once the review is completed and any needed corrections identified and sent to Information Services, the head or designate will complete and sign the certification statement indicating the review has taken place and that access to Banner for their faculty and staff conforms to assigned work duties. This signed statement will be forwarded to Information Services for retention and review by the Provincial Auditor and a copy retained on file in the faculty or administrative department.

Consequences for Noncompliance

Failure to submit a signed certificate indicating that the review of Banner access is completed as outlined will result in Information Services removing access to Banner.  The removal of access will remain in effect until Information Services receives the completed and signed certificate.

Processes

The Banner Access Certification Statement must be signed and submitted by each faculty and administrative department to Information Services prior to the start of each new fiscal year. For example, the Banner Access Certificate Statement for fiscal year 2014-15 would be due by April 30, 2014.

Related Information