Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Current Load Status
Regular Availability
FAQs & Tips
Password Changer
Support services
About the Data Warehouse
Data Administration
Express Mail
General Ledger
Learning Management
Position Inventory
Research-PennERA Proposals
Salary Management
Travel Expense Management
Tuition Distribution

Data Warehouse Security

· Responsibility and Confidentiality
· Querying Data with Security Restrictions
· Data Stewardship Best Practices

Responsibility and Confidentiality
The Data Warehouse contains confidential and sensitive University data. In order to use its data, you must have proper authorization. Your authorization means that you have the authority to use the data and the responsibility to share stewardship of the data with the other users of the collection.

Once authorized, you can access the data that you need to do your job. All authorized users are cautioned, however, that they are entrusted to use the data they retrieve from the Warehouse with care. Confidential data should not be released to others except for those with a "legitimate need to know."

Please remember that you should never share Business Objects queries with other users with the data intact -- send the query without the data. More information about sending and saving Business Objects documents.

Querying Data with Security Restrictions
If you execute a query requesting data that you are not authorized to access, you will get results which may be incomplete because they are missing the data you are not allowed to access.

If your authorization is limited to a specific set of data, be sure when querying the data that your record selection conditions include your security restrictions. For example, if you are authorized to access just data for a particular department, one of your record selection conditions should state something like "If Organization= 'My Organization'," where My Organization is the code of your department. This will document why the query gets the results it does, and will also help your query run faster.

Data Stewardship Best Practices
One of the most effective ways for Penn to safeguard the privacy and security of student, faculty, staff and other information is to make sure that it is only shared with people who clearly need it to do their jobs. This seemingly simple safeguard is sometimes though not so simple to implement. Penn's Office of Information and Security and Office of Audit, Compliance and Privacy have developed best practices to assist data stewards in ensuring appropriate data controls in IT systems. The best practices focus on procedures for granting, reviewing and terminating data user access as well as appropriate training for data users. Data stewards of all systems, and particularly large systems with sensitive information, should ensure that they are adhering to the controls found in these best practices. Any questions can be directed to Data Administration or to the Office of Information Security.


Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania