IS-XXXX Banner Access Control (Policy)

Release Date: 06/30/13

Policy

Under the Authority of the CNM Executive Council

Administrative Directive

Purpose

Central New Mexico Community College (CNM) uses the Banner system as its primary enterprise resource planning (ERP) system. As such, the Banner system is accessed on a regular basis by CNM’s Employees. This Administrative Directive governs the process for providing access control to the Banner system through the Banner Security mechanism. The roles and responsibilities of various positions and departments within the CNM community, with regard to Banner Security, are also defined herein.

Roles and Responsibilities

The Office of Planning and Institutional Effectiveness (OPIE) serves the role of Data Steward for all CNM Data.  The following responsibilities are delegated to the OPIE:

  • Creating and maintaining the Role Access Matrix (RAM), which designates the access assigned to each specific Job Class within CNM

  • Convening the Role-Based Access Team (RBAT) and Banner Module Coordinators (BMC) as necessary to support RAM maintenance and exceptions to the RAM

  • Communicating any changes to the RAM to all parties to this Administrative Directive

  • Requesting Banner Access for new and transferred employees through the Office of Information Technology Services (ITS)

The Human Resources (HR) department serves the role of initial entry for new employees, as well as transfer and/or separation of current employees.  The following responsibilities are delegated to the HR department:

  • Initial Onboarding of employees

  • Requesting creation of Banner Accounts through the Office of Planning and Institutional Effectiveness (OPIE)

  • Informing OPIE when an Employee transfers to a different Job Class

  • Informing OPIE and the ITS of any employee separations

The Office of Information Technology Services (ITS) serves the role of execution and enforcement of this policy.  The following responsibilities are delegated to ITS:

  • Creation of Banner accounts

  • Administration of Banner Security according to the RAM and exceptions as directed by the OPIE

  • Locking of Banner accounts for employee separation as directed by the HR department

  • Locking of Banner accounts in the event of account compromise as directed by the ITS Information Security team

Role Access Matrix

The Role Access Matrix (RAM) is created and maintained by the OPIE using the Role-Based Access Team (RBAT) and the Banner Module Coordinators (BMC) group.  This is the source document for all Banner Access permissions.  Exceptions to the RAM are allowed only upon the OPIE convening the RBAT to approve the exception.

New Employee Access

Access to Banner for New Employees is initiated through the HR department and flows as follows:

  • The HR department sends a request to the OPIE requesting access for the New Employee with the following information:

    • Username

    • Employee’s First and Last Name

    • Department

    • CNM ID#

    • Job Class

  • The OPIE reviews the request and, upon approval, forwards the request to the ITS department

  • The ITS department creates the Banner account and assigns access as designated by the OPIE

Employee Transfers

Banner access for transferred employees is governed by their Job Class. Access is initiated through the HR department and flows as follows:

  • The HR department will send a request to the OPIE requesting access for the Transferring Employee with the following information:

    • Username

    • CNM ID#

    • Existing Job Class

    • New Job Class

    • A request for the Transferred Employee to retain prior Job Class access ONLY if it is absolutely necessary

  • The OPIE reviews the request and, upon approval, forwards the request to the ITS department

    • If prior Job Class access was requested, it is the responsibility of the OPIE to decide the time period for which the prior Job Class access is required and provide this time period to the ITS department

  • The ITS department assigns Banner Access as requested by the OPIE

    • If prior Role Access was approved, then the ITS department will take responsibility for maintaining a reminder to remove the prior Role Access on the designated date

Access Exceptions

Additional access to Banner beyond the designated Job Class, as defined by the RAM, must be approved by the OPIE.  The request will flow as follows:

  • The requesting department will make the request for additional access to the OPIE

  • The OPIE will convene the RBAT with the appropriate BMC members

  • If the access is approved, the OPIE will forward the approved request to the ITS department with the following information:

    • Username

    • CNM ID#

    • Additional Classes and/or specific forms as requested

  • The ITS department assigns Banner Access as requested by the OPIE

  • The OPIE will notify the requesting department of approval or disapproval

Employee Separation

When employees leave CNM, it is necessary that their access to all computer systems and networks be terminated.  This process is followed within other processes, so its inclusion herein is for documentation only.  The following workflow will be used when an employee separates from CNM:

  • The HR department will notify the ITS department of the separation

  • The ITS department will remove all Banner Access and lock the Banner account




Forms:

    Not Applicable

Support Materials:

    Not Applicable

Reference Materials: