Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

  
  UPDATES
Current Load Status
Regular Availability
  
  INFORMATION
FAQs & Tips
Password Changer
Support services
Security
About the Data Warehouse
Data Administration
  
  DATA COLLECTIONS
Advancement
Assets
BRIM
Express Mail
Facilities
Faculty
GAR
General Ledger
Infrastructure
ISSS-iOffice
Learning Management
Position Inventory
Research-PennERA Proposals
Salary Management
Student
Travel Expense Management
Tuition Distribution
Cross-Collection

Data Warehouse Security

· Responsibility and Confidentiality
· Querying Data with Security Restrictions
· Data Stewardship Best Practices

Responsibility and Confidentiality
The Data Warehouse contains confidential and sensitive University data. In order to use its data, you must have proper authorization. Your authorization means that you have the authority to use the data and the responsibility to share stewardship of the data with the other users of the collection.

Once authorized, you can access the data that you need to do your job. All authorized users are cautioned, however, that they are entrusted to use the data they retrieve from the Warehouse with care. Confidential data should not be released to others except for those with a "legitimate need to know."

Please remember that you should never share Business Objects queries with other users with the data intact -- send the query without the data. More information about sending and saving Business Objects documents.

Querying Data with Security Restrictions
If you execute a query requesting data that you are not authorized to access, you will get results which may be incomplete because they are missing the data you are not allowed to access.

If your authorization is limited to a specific set of data, be sure when querying the data that your record selection conditions include your security restrictions. For example, if you are authorized to access just data for a particular department, one of your record selection conditions should state something like "If Organization= 'My Organization'," where My Organization is the code of your department. This will document why the query gets the results it does, and will also help your query run faster.

Data Stewardship Best Practices
One of the most effective ways for Penn to safeguard the privacy and security of student, faculty, staff and other information is to make sure that it is only shared with people who clearly need it to do their jobs. This seemingly simple safeguard is sometimes though not so simple to implement. Penn's Office of Information and Security and Office of Audit, Compliance and Privacy have developed best practices to assist data stewards in ensuring appropriate data controls in IT systems. The best practices focus on procedures for granting, reviewing and terminating data user access as well as appropriate training for data users. Data stewards of all systems, and particularly large systems with sensitive information, should ensure that they are adhering to the controls found in these best practices. Any questions can be directed to Data Administration or to the Office of Information Security.

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania