|
Section: 2200s – Technology Advancement & Support |
Last Review Date: 10/02/2023 |
|
Responsible Area: Technology Advancement & Support |
Effective Date: 10/02/2023 |
|
Policy/policies the procedure is based on: 1138 |
Revision History: New 8/30/2019; Revised 10/02/2023 |
1.0 Scope
The procedure applies to all regular and administrative users of the Enterprise Resource Planning (ERP) system (Jenzabar CX).
2.0 Purpose
This procedure outlines how the College shall monitor system access for unusual or suspicious activity to protect data from the risk of theft, manipulation, or misuse of financial, sensitive, or confidential information from unauthorized access and user behavior.
3.0 Definitions
3.1 Enterprise Resource Planning system – Higher education Enterprise Resource Planning (ERP) systems manage and automate workflows at colleges and universities. They standardize and streamline the flow of information between all business functions and departments within an institution. This is made possible by the ERP combining the functionality of multiple systems such as a student information systems (SIS), school administration software, human resources, and financial management.
4.0 Procedure
4.1 Monitoring User Activity of Administrative User Accounts
The Director of Data and Systems or Designee needs to be able to correlate all super user activity in logs.
The SUSE Linux server that hosts Jenzabar CX, maintains a list of 'super users' in a file. When a user that is included in this file attempts to execute a command as a substitute user, the attempted command is logged in a separate file. These records are imported into the Jenzabar database on a regular basis. The records are included in a report, which is used for performing audits of substitute user commands. Additionally, a log of failed Jenzabar CX login attempts is emailed daily.
5.0 Inquiries
Direct inquiries about this procedure to: CIO
