| 1. |
Policy |
| 1.1 |
The Director, Financial Services will be responsible for
maintaining appropriate controls relating to access to the Flinders
University Finance System. |
| 1.2 |
Procedures will be established to control the following risks:
• unauthorized staff gaining access to the Finance
System
• loss of finance data
|
| 1.3 |
The Director, Financial Services will determine which Financial
Services Division staff will be authorised to create and modify
user access to the Finance System. Provision of this ‘super
access’ will require written approval by the Director,
Financial Services. |
| 1.4 |
The Director, Information Services will be responsible for
ensuring that adequate backup and recovery procedures for finance
data are in place. |
| 2. |
Procedures |
| 2.1 |
Categories of access |
| 2.1.1 |
The following categories of access exist: • update
access
• view access |
| 2.1.2 |
Update access will only be provided to Flinders University
staff, or staff of Flinders University subsidiaries where these
subsidiaries use the Finance System. Update access will only
be provided to other users if approval in writing has been given
by the Director, Financial Services. |
| 2.1.3 |
View access may be provided to other users, such as Flinders
Medical Centre staff, provided authorisation for this has been
given by a supervisor who is a Flinders University staff member
or a staff member of a Flinders University subsidiary. For the
purposes of authorising access to the Finance System, a supervisory
staff member includes grant holders. |
| 2.2 |
Initial access |
| 2.2.1 |
Staff* requiring access to the Finance System must complete
and submit an Application
for Access form. The form must be signed by the staff member’s
supervisor and be submitted to the Finance Users Support Team
(FUST) Office. |
| 2.2.2 |
Access to the Finance System is based on defined responsibilities.
The relevant responsibilities of the staff member must be indicated
on the Application for Access form so that appropriate access
to the Finance System can be determined and assigned. FUST Office
staff will only assign user access which is consistent with
the information provided on this form. |
| 2.2.3 |
A staff member requesting access to the Finance System will
be required to certify the following in writing:
•
acceptance of responsibility for the proper use and confidentiality
of the information available through the Finance System
• an undertaking not to release personal details to
any person not authorised to receive this information
• an undertaking not to release their log-in details
for use by any other person.
|
| 2.2.4 |
Finance System users will be assigned a password on being
provided with initial access and will be asked to change this
when they first access the system. Forced changes to passwords
will be required every 90 days. |
| 2.3 |
Changes to access |
| 2.3.1 |
Staff members requiring changes to their access to the Finance
System must complete and submit an Application
for Access form signed by their supervisor. |
| 2.4 |
Termination of access |
| 2.4.1 |
The FUST Office will be provided with a report indicating
staff cessations on a fortnightly basis. This report will be
checked to determine whether the staff members who have ceased
employment with the University had access to the Finance System
so that this access can be terminated. The report will be annotated
to indicate the action taken and will be placed on a central
file |
| 2.5 |
Session termination |
| 2.5.1 |
When the Finance System is being accessed the session will
be automatically terminated if the user does not enter a key
stroke or mouse command within 90 minutes. |
| 2.6 |
Data backup |
| 2.6.1 |
Finance System data will be backed up overnight by the Information
Services Division. |
| 2.6.2 |
A test of restoring backed up Finance System data will be
performed at least once per year. A report relating to this
test will be provided to the Director, Financial Services for
review. |
| |
|
| *The term ‘staff’
refers to those who are eligible for access in accordance with
clauses 2.1.2 and 2.1.3. |
| |
|
