DICKINSON COLLEGE
INSTITUTIONAL INFORMATION POLICY STATEMENT AND SECURITY PLAN
Database Management System Security for the Colleague/Benefactor Shared Database
March 4, 1992

I. BACKGROUND

A. Purpose

The implementation of a comprehensive database management system (DBMS) raises issues of information ownership, privacy and security, many of which are unique to the DBMS environment. The purpose of this statement is to identify and address those issues via formal policy statements. Campus-wide adherence to formal information policy will greatly reduce the risk of compromise (either accidental or deliberate) or misuse of sensitive data. The intent of this policy is to maximize security and privacy without obstructing the efforts of applications users and support personnel in the performance of their assigned duties.

B. Scope

This statement directly addresses information and activities related to the Datatel Colleague and Benefactor Databases. Indirectly, its intent is to complement existing college policy relating to the handling and processing of institutional information.

C. Environment

Under traditional information systems, data structures are often defined exclusively for each office or Workgroup within the system. This arrangement minimizes disagreements regarding data ownership (since each user has his own "copy" of needed data) but introduces the problems of duplication, currency and maintainability. Updates between functional areas are often done in a "batch" mode by technical personnel, and requests for non-standard reports (containing data that spans several functional areas) often require custom programming.

The DBMS environment resolves most of these problems through common data pools and a query language that can be accessed directly by departmental users. This increased flexibility and accessibility is accomplished, in part, by consolidating global information (names, addresses, etc.) into a centralized data structure available to all users.
Privacy is maintained by splitting sensitive information into subordinate limited-access files.

II. POLICY

A. AUTHORITY

This policy statement is authorized by the President of the College. All employees and agents of the college will become familiar with and adhere to the policy when engaged in information-based activities. Disagreements regarding access to data or any other issues arising from ambiguous or non-existent policy shall be forwarded to CAUG for review and resolution. Further disagreements shall be forwarded to CAG for final disposition.

B. OWNERSHIP

The Colleague and Benefactor Program Licenses, data, and custom applications programs are the exclusive property of Dickinson College and shall be used by its employees and agents only in the conduct of official college business.

C. CUSTODY OF DATA

Database information is classified and assigned custody as follows.

1. COMMON DATA

Common data are held in files that may be accessed by users from several Workgroups. Workgroup Administrators are co-custodians of common data. Decisions regarding the use of common data are the responsibility of each Workgroup Administrator, as needed in the conduct of official college business and to the extent that the use of that data is consistent with institutional procedures and the policy stated herein.

2. WORKGROUP DATA

Workgroup data are assigned to the exclusive custody of the Workgroup Administrator. Each Workgroup Administrator is responsible for assuring that Workgroup Data under his/her custody is used in a manner consistent with the policy stated herein.

D. COPIES OF DATA vs. OFFICIAL DATA

The data that physically reside in the Colleague and Benefactor Live Data areas on the Sequent file system constitute the "Official" Dickinson Database. Both Official and Unofficial Colleague and Benefactor data are considered the exclusive property of the college and are governed by the policies defined herein.

E. MAINTENANCE OF DATA

Unless explicitly noted in this statement and/or its appendices, maintenance of any specific workgroup data element is confined to a single office. Responsibility for coordinating and communicating the maintenance of common data will be assigned by and with the concurrence of the appropriate Workgroup Administrators (e.g. address changes).

F. USE OF DATA

The viewing, reporting, and discussion of sensitive information shall be governed by formal authorization and the "need to know". Use of sensitive information for purposes other than those specifically required to accomplish assigned duties does not constitute a "need to know" and is explicitly prohibited.

G. RELEASE OF INFORMATION

No employee or agent of the college shall release any data to any non-employee or non-agent of the college unless specifically authorized by the appropriate Workgroup Administrator.

1. WORKGROUP DATA

Workgroup Administrators are authorized, within their discretion and in accordance with policy stated herein, to release Workgroup Data to other Workgroups and to non-employees or non-agents of the college.

2. RESPONSIBILITY AFTER RELEASE

When information is released by the Workgroup Administrator to another agent of the college, responsibility for the confidentiality and proper use of that information is shared by the receiving agent.

H. SYSTEMS ACCESS AND SECURITY

Measures to control system access and security shall be the responsibility of all system users, administrators and support staff.

1. EXECUTIVE MANAGEMENT RESPONSIBILITIES

Divisional Executives are responsible for the assignment of Colleague/Benefactor Workgroup Administrators (see Appendix B, III.) as follows:

    Divisional Executive                        Workgroup
    Dean of Admissions                          adm
    Dean of Educational Services &              sa
      Student Affairs                           fa
    Dean of the College                         reg
    Treasurer                                   cf
                                                per
                                                csc **
    Director of Communications & Development    ben

    ** Responsibility for the csc Workgroup is transferred between the Dean of the College and the Treasurer on an annual basis.

2. WORKGROUP ADMINISTRATOR RESPONSIBILITIES

Requests for new user accounts, termination of accounts, and on-line access by individuals outside the Workgroup will be forwarded to the Database Administrator by the Workgroup Administrator. The Workgroup Administrator will specify those aspects of the database to which the users in their respective workgroups will have access.

The Workgroup Administrator is responsible for:

* maintaining a current list of authorized Workgroup Users in the Test, Education and Live Systems and for apprising Computer Services of changes and potential security breaches;
* monitoring Workgroup database activities and procedures to assure conformity with formal policy and prudent operating practice;
* setting and monitoring procedures, within the workgroup, for maintenance and disposal of copies of information generated from the system;
* assuring that all Workgroup Employees read and understand this policy statement.

3. DELEGATION

While the Workgroup Administrator is responsible for the overall adherence to institutional policy, specific administrative tasks may, as appropriate, be delegated to an assigned Module Administrator.

4. USER RESPONSIBILITIES

Each database user is responsible for the confidentiality of passwords and information to which he/she has access. Users shall exercise prudence in the maintenance and filing of passwords, print-screen reports, and Uniquery reports. Users shall ensure a secure physical environment.

5. COMPUTER SERVICES RESPONSIBILITIES

In addition to observing the policies herein, Computer Services shall administer the following security measures:

* A regular schedule of full and periodic system backups (including an off-site storage rotation), in accordance with the Computer Services Procedures Manual.
* A disaster recovery plan shall be enacted.
* Systems activity and operational logs shall be periodically reviewed for potential security breaches.

6. STATEMENT OF UNDERSTANDING

All college employees and agents accessing the database system shall sign a statement of understanding of institutional policy.

I. DESTRUCTION OF CONFIDENTIAL DATA

It is the responsibility of each user to assure that confidential information is destroyed in an appropriate manner. This may include the use of paper shredders, diskette mutilation, check incineration, and other means, as appropriate.

DICKINSON COLLEGE INSTITUTIONAL POLICY STATEMENT AND SECURITY PLAN
APPENDIX A. Definitions

For the purposes of this policy statement, the following terms are defined:

1. Administrative Responsibilities
The increased user access gained through the database necessitates a similar delegation of administrative responsibility. Workgroups must play an active role in assigning and monitoring access to the database. Appendix B details specific database workgroup responsibilities.

2. Application Program
The predefined menu selections and programs that make up Colleague and Benefactor. User access to the database through the application programs is limited to (i.e. controlled by) the options presented on the menus.

3. CAG (Computer Advisory Group)
The executive committee, consisting of the Dean of the College, the Treasurer, the Director of Computer Services, and the chairpersons of both the Academic and Administrative users' groups, that is responsible for general oversight, integration, campus-wide planning, and policy formulation related to all the College's information processing activities. The chair of this committee is transferred between the Dean of the College and the Treasurer on an annual basis.

4. CAUG (College Administrative Users' Group)
The administrative advisory group, consisting of the heads of various administrative offices, the Director of Computer Services, the Coordinator of Systems Development, the Coordinator of Administrative Computing, and other administrative staff as needed. Members of the committee are appointed by the President. CAUG is responsible for assisting Computer Services personnel in identifying and addressing operational, planning, budgetary, and policy issues related to the College's administrative information processing activities. CAUG reports to CAG.

5. Custody of Data
Each Workgroup Administrator is assigned custodianship of specific data structures. As an assigned custodian, each Administrator is responsible for managing the operational maintenance, security, reporting and release of his/her assigned Workgroup Data in accordance with the policy stated herein.

6. Databases
Three major databases are associated with the Colleague/Benefactor System.

* EDUC: Provided by Colleague to provide representative examples of each module. EDUC is used by new users to become familiar with the basic system features.
* TEST: Database developed internally to test Dickinson-specific invocations and customizations of the package prior to live integration.
* LIVE: The official data used in the live operations of the college.

7. Common Data
Data to which all Workgroups have access. The primary common files in the Colleague and Benefactor Systems are, respectively, the "PEOPLE" File and the "PERSONS" File. Policy regarding the common use of these files is contained herein.

8. Database Administrator
Computer Services-assigned individual responsible for maintaining the physical integrity, security and consistency of the database.

9. ENVISION Programs
Programs that have been reorganized by Datatel to incorporate new program development techniques, screen "looks" and security features (including field-level security). Presently only some of the modules have been rewritten using ENVISION. From a security perspective, ENVISION programs differ from the present MSP programs in that the availability of and access to a given ENVISION program by a specific user can be controlled by that program's inclusion in a Security Class to which the user belongs.

10. MSP Programs
"Maintain.Set.Parameters" Programs. Presently all of the applications programs, with the exception of "Colleague Financials" and "Benefactor", are MSP programs. These programs are distinguished from ENVISION programs (from a security perspective) in that access to a given MSP Program is controlled solely by program passwords and exclusive Vocabularies.

11. "Need to Know"
The "need to know" confines system users to accessing, changing, and generating reports on only data that are required in the administration of their assigned duties.

12. Query Language
The Database Language that enables users to produce ad hoc reports independent of the Application Program. User access to the database through the query language (Uniquery) is limited by the data files and verbs contained in the VOC file of that user's Workgroup.

13. Verb
A Uniquery command that performs a specific action on a file (e.g. LIST, SORT, SELECT, GET.LIST). Workgroup VOCs contain verbs that facilitate reporting but are restricted from verbs that can change the database (e.g. CLEAR.FILE).

14. VOC File
A database vocabulary. Each Workgroup has a unique vocabulary that contains only those filenames and verbs to which that Workgroup has access.

15. Workgroup
A group of individuals distinguished by their use of a common set of Colleague/Benefactor Files.
The organization of Workgroups is based on Dickinson's organizational structure as it interacts with the logical structure of the Colleague and Benefactor databases (see Appendix B for detailed definition of specific Workgroups).

16. Workgroup Administrator
The individual appointed administrative custody for a particular Workgroup.

17. Workgroup Data
Files containing data specific to a given Workgroup. Access to information contained in workgroup data is authorized by the Workgroup Administrator.

DICKINSON COLLEGE INSTITUTIONAL POLICY STATEMENT AND SECURITY PLAN
APPENDIX B. ADMINISTRATIVE ASSIGNMENT AND SECURITY

I. ADMINISTRATIVE RESPONSIBILITIES

This section identifies operational and support activities associated with the Colleague/Benefactor System. Each position is described and its associated access rights defined.

"Systems Access" defines a user's access at the Dynix Operating Systems level. Access at this level is necessary only for systems development and maintenance and is, therefore, restricted to Computer Services personnel. All other users will be automatically insulated from the operating system by a menu system.

"Database Access" defines a user's access to the Unidata Database (or "colon prompt"). Access is defined for each of the three accounts. All users have access to the entire sample database provided by Datatel ("educ"). All users have full access to their designated test accounts ("test"). Live account access varies for each user within a workgroup, as authorized by the Workgroup Administrator. Variations include access limited to specific programs, view-only rights, and restriction from the query language.

II. WORKGROUP PERSONNEL

position: Workgroup Administrator
duties:
* Authorize system access within workgroup.
* Authorize file/information access to individuals outside the workgroup (including the creation of electronic cross-file views).
* Monitor and coordinate efforts of Module Administrator.
* Monitor workgroup activity.
* Maintain log of current workgroup users and access rights.
access:
* Workgroup Administrator has access to all screens, tables, and records available to the Workgroup. Workgroup Administrator also has Uniquery Access.

position: Module Administrator
duties:
* Assure adherence to institutional procedures by all applications users with access to the module.
* Assure that applications users have received proper procedural and applications briefings and training.
* Notify Workgroup Administrator of any required changes to systems access within the module.
* Coordinate with Computer Services in maintaining Colleague Tables.
* Maintain a data processing Calendar noting key processing dates.
* Coordinate with Computer Services in maintaining/planning Uniquery paragraphs and program change requests.
access:
* Module Administrator has access to all screens, tables and records available to the designated module. The Module Administrator also has Uniquery Access.

position: Applications User (Uniquery Access)
duties:
* Perform Colleague/Benefactor planning and data entry, maintenance and reporting as authorized by Workgroup Administrators.
* Perform Uniquery data retrieval activities on workgroup files as requested by Module Administrator.
access:
* Access restricted to those programs designated by the Workgroup Administrator. User also has access to the Workgroup Vocabulary (VOC) via the colon prompt.

position: Applications User (Menu Access Only)
duties:
* Perform Colleague/Benefactor data entry, maintenance and reporting as authorized by Module Administrator.
access:
* User has access to those programs authorized by the Workgroup Administrator. User is restricted from Uniquery Access of the database.
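The access model behind the Workgroup VOC (Appendix A, definitions 12 to 14) and the Uniquery Access tier above is a per-Workgroup allow-list: a colon-prompt command is permitted only if both its verb and the file it names are in that Workgroup's vocabulary, and database-changing verbs such as CLEAR.FILE are never in any Workgroup VOC. The following is an added illustration of that model, not Datatel or Dickinson code; the file names STUDENTS and DONORS and the sample commands are constructed, and the denial log models the activity review Computer Services performs.

```python
"""Constructed model of a Workgroup VOC allow-list (not Datatel/Dickinson code)."""
from dataclasses import dataclass, field

# Reporting verbs the policy names; CLEAR.FILE (which changes the database) is
# deliberately absent, so every Workgroup VOC is a deny-by-default allow-list.
REPORTING_VERBS = frozenset({"LIST", "SORT", "SELECT", "GET.LIST"})
# Verbs whose argument is a saved select-list, not a file name.
LIST_VERBS = frozenset({"GET.LIST"})


@dataclass
class WorkgroupVOC:
    workgroup: str
    files: frozenset                      # file names this Workgroup may access
    verbs: frozenset = REPORTING_VERBS    # verbs present in this Workgroup's VOC
    denied: list = field(default_factory=list)   # audit trail of refused commands

    def check(self, command: str) -> tuple[bool, str]:
        """Return (permitted, reason) for one colon-prompt command line."""
        tokens = command.split()
        if not tokens:
            return self._deny(command, "empty command")
        verb, args = tokens[0].upper(), tokens[1:]
        if verb not in self.verbs:                  # unknown or mutating verb
            return self._deny(command, f"verb {verb} not in {self.workgroup} VOC")
        if verb in LIST_VERBS:                      # no file name to check
            return True, f"{verb} operates on a saved list"
        if not args:
            return self._deny(command, f"{verb} requires a file name")
        if args[0].upper() not in self.files:       # file outside this Workgroup
            return self._deny(command, f"file {args[0].upper()} not in {self.workgroup} VOC")
        return True, "permitted"

    def _deny(self, command: str, reason: str) -> tuple[bool, str]:
        self.denied.append((command, reason))       # kept for periodic log review
        return False, reason


def evaluate(voc: WorkgroupVOC, commands: list[str]) -> dict[str, bool]:
    """Evaluate several commands against one Workgroup VOC."""
    return {cmd: voc.check(cmd)[0] for cmd in commands}


# Constructed vocabularies: the common file (PEOPLE for Colleague, PERSONS for
# Benefactor, as the policy states) plus one assumed Workgroup-specific file.
REG_VOC = WorkgroupVOC("reg", frozenset({"PEOPLE", "STUDENTS"}))
BEN_VOC = WorkgroupVOC("ben", frozenset({"PERSONS", "DONORS"}))

if __name__ == "__main__":
    sample = ["LIST PEOPLE NAME", "SORT STUDENTS BY CLASS", "CLEAR.FILE PEOPLE",
              "LIST DONORS", "GET.LIST FRESHMEN"]
    for cmd, ok in evaluate(REG_VOC, sample).items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {cmd}")
    print("denied attempts for review:", REG_VOC.denied)
```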
position: Computer Services Support Personnel
duties:
* Provide operational support for administrative applications, assist users in the development of new applications, and identify and resolve problems related to the utilization of Colleague and Benefactor.
access:
* Support personnel have access to modules within Colleague/Benefactor only as needed in the performance of their assigned duties.

III. WORKGROUP ASSIGNMENTS

The following details workgroup assignments by Workgroup and Module Administrator. The list is organized by Workgroup and includes each user's name and present operational access (see II. for a complete description of duties and user work spaces).

    WORKGROUP  MODULES                 WORKGROUP ADMINISTRATOR  MODULE ADMINISTRATOR
    adm        Admissions              L. Mench                 J. Brehm, R. Shunk
    ben        Benefactor              tbd                      tbd
    cf         Accts Rcvbl.            M. Britton               C. Chronister
               Accts Payable                                    A. Parker, T. Meyer
               Budget Mgr.                                      A. Parker
               Cash Rcpts.                                      C. Chronister
               Fixed Assets                                     A. Parker
               FRM Distrib.                                     A. Parker
               General Ledger                                   A. Parker, T. Meyer
               Inventory                                        A. Parker
               Payroll                                          T. Meyer
               Purchasing                                       M. Helm
    csc        All Colleague and       J. Balling               J. Balling
               Benefactor Modules
    fa         Financial Aid           Don Raley                Rick Heckman, Madelyn Campbell
    per        Personnel               R. Rasch                 K. Heberlig
    reg        Registrar               R. Doernbach             L. Kessler, B. Bretz
    sa         Student Affairs         M. Frances Carson        M. Redman

DICKINSON COLLEGE INFORMATION PROCESSING STATEMENT OF UNDERSTANDING

Recognizing the need to maintain individual and institutional rights to privacy and confidentiality AND realizing that, as an agent of the College, my assigned responsibilities necessitate the handling of sensitive information (both individual and institutional), I affirm my intention to preserve the strictest standards of confidentiality in the use of this information and agree to be legally bound by the same regulations affecting all College officials concerning the dissemination and disclosure of sensitive information.

Specifically, I affirm:

1. That I understand the need to exercise confidentiality in the handling of institutional information.
2. That I understand the importance of exercising care in assuring the secrecy of my computer system passwords, the physical security of my work area, and the proper storage, transmittal, and disposal of College-based information stored on any media.
3. That I am ethically obliged to report any attempted or successful violation of institutional or personal security or privacy.
4. That I have become familiar with specific information handling procedures established within my workgroup.
5. That I have read and understand the College's Information Policy Statement.

I understand the intent of this statement and will exercise diligence in performing my duties in accordance with institutional policy. Furthermore, I understand that violation of College policy may result in disciplinary action.

    __________________________   _____________
    Signature                    Date

    __________________________
    Printed or Typed Name