BRIM Collection Data Security
BRIM Data Collection Access Prerequisites
Individuals must be authorized to use the General Ledger data collection
in the Data Warehouse before they can be granted access to the BRIM data
collection. (Information on how to obtain access to the General Ledger
data collection is available here.)
Users must supply their Data Warehouse Oracle userid (Business Objects
User Name) in the space provided on the BRIM Data
Access eForm, and obtain approval from their supervisor, their school
access administrator (or senior business officer), and the Director of
Post Award Financial Administration in the Office of Research Services.
Individuals will then be granted access to view BRIM data in the Warehouse
for the same organization(s) whose General Ledger data they can view in
Releasing Data Outside the University
Be cautious about releasing BRIM data outside the University. If you do
not customarily release data outside Penn, and you receive a request for
data to be sent outside the University, contact the Office of Research
Services (573-6705) or Institutional Research (898-5897).
Keep a Log
You might want to keep a log of the reports you create, even if you are
giving it to someone within the University. The log might include:
- Who requested the data.
- When they made the request.
- What data they requested.
- Why they requested the data/how they planned to use it.
- What query and/or report you used.
Releasing Data Within the University
Within the University, BRIM data may be disclosed only if it is needed
to do the business of the University, and only to those who need to know
the information in order to do their jobs. If you are not sure whether
to fulfill a request for BRIM data, call the Office of Research Services
Questions you shoud ask to help decide whether to fulfill a request for
- Who wants the information?
- Why do they want the information?
- For what purpose will the information be used?
- If they pass the information on to someone else, for what purpose
will that person use it? Note: Usually, the data should be for
the requestor's use only. No data should be posted in a public place
including the World Wide Web.
- How will they secure the information once they have it?
- How will they dispose of the information when they are done with it?
For example, hard copy reports should be shredded.
Query Results. If you save your results in Excel, pdf, or any other local file type, you must see to it that any sensitive data stored on your
peronal computer is safeguarded through physical security, access control
software, or encryption.
- Examples of physical security are locked offices and locked keyboards.
- Examples of access control software are a screen saver with password
protection (which your computer has been set up to initiate at startup)
or specialized desktop security software.
- If you encrypt your query results, you will need to decrypt them before
accessing them with Business Objects.
When a computer is left signed to an account, it is easy for someone to
gain unauthorized access. Either sign off from your account before you
leave your computer or restrict access by some other means (physical security
or access control software).
For more information on security and privacy, contact the Office of Information Security.