Data Warehouse Security
· Responsibility and Confidentiality
· Querying Data with Security Restrictions
· Data Stewardship Best Practices
Responsibility and Confidentiality
The Data Warehouse contains confidential and sensitive University data.
In order to use its data, you must have proper authorization. Your authorization means that you have the authority
to use the data and the responsibility to share stewardship of the data
with the other users of the collection.
Once authorized, you can access the data that you need to do your job.
All authorized users are cautioned, however, that they are entrusted to
use the data they retrieve from the Warehouse with care. Confidential
data should not be released to others except for those with a "legitimate
need to know."
Please remember that you should never share Business Objects queries
with other users with the data intact -- send the query without the data.
More information is available about sending and saving Business Objects documents.
Querying Data with Security Restrictions
If you execute a query requesting data that you are not authorized to
access, the results you get may be incomplete, because the data you are
not allowed to access is left out.
If your authorization is limited to a specific set of data, be sure when
querying the data that your record selection conditions include your security
restrictions. For example, if you are authorized to access just data for
a particular department, one of your record selection conditions should
state something like "If Organization = 'My Organization'," where My Organization
is the code of your department. This will document why the query gets
the results it does, and will also help your query run faster.
Data Stewardship Best Practices
One of the most effective ways for Penn to safeguard the privacy and security of student, faculty, staff and other information is to make sure that it is only shared with people who clearly need it to do their jobs. This seemingly simple safeguard, though, is sometimes not so simple to implement.
Penn’s Office of Information and Security and Office of Audit, Compliance and Privacy have developed best practices to assist data stewards in ensuring appropriate data controls in IT systems. The best practices focus on procedures for granting, reviewing and terminating data user access as well as appropriate training for data users. Data stewards of all systems, and particularly large systems with sensitive information, should ensure that they are adhering to the controls found in these best practices. Any questions can be directed to Data Administration or to privacy@pobox.upenn.edu.