ETSU

Guidelines for

Data Standards, Data Integrity and Security

This Data Standards Document is a work in progress and is subject to change. To ensure that the most current version is readily available, it is included on the ETSU web page at

Prepared by: / ETSU Data Standards Subcommittee of the Information Technology Governance Committee
Version: / 3.5
Last Revision Date: / October 27, 2015
Create Date: / February 21, 2005
Table of Contents

Data Integrity Guidelines

Purpose

Scope of this Document

Administrative Responsibility

Data Standards Committee

Data Custodian Responsibilities

ETSU Data Custodians

Individual Responsibilities

Access to ETSU Data

Data Change Rules

Change Data

General Guidelines for Searching

Record Creation Considerations

Searching

Wild Card Searches

Case and Space Sensitivity

Prefix Searches

Multiple Records

Common Names

Instructions for Searches

ID Search

Person Name Search

Data Standards - General

General Person Information

Clean and Accurate Records

Date Standards

Calendar Dates

Date of Birth

Identification Number Standards

Alternate Identification Number...... 11

Veteran File Number

Name Standards...... 2

Last Name

First Name

Middle Name3

Prefixes

Suffixes

Preferred First Name (Optional)

Non-Person Name/Vendor4

Address Standards

Address Change Source

Address Types

Street Standards

City Standards

State & Province

County Codes

Nation Code Standards

Military Standards

Air Force Base (AFB)

Foreign Military Address

Telephone Numbers

General

Telephone Types

General Telephone Types

Address Telephone Types

Telephone Numbers

Area Code

Phone Number

Extension

International Telephone Numbers

International access code field

Country Code

City Code

North American Numbering Plan (NANP)

Email Address Type

Bank Routing Number

Religion Code

Appendix 1 – Address Type

Appendix 2 – Street Abbreviations

Appendix 3 – Secondary Unit Designators

Appendix 4 – States, Canadian Provinces & Overseas Military

Appendix 5 – Compass Directions

Appendix 6 – Telephone Types

Appendix 7 – Prefix Abbreviations

Appendix 8 – Suffix Abbreviations

Appendix 9 – Ethnicity Codes

Appendix 10 – Email Address Type

Appendix 11- Address Change Source Type

Appendix 12 – County Codes

Appendix 13 – Marital Status

ETSU

Background

The document Guidelines for Data Standards, Data Integrity and Security was originally developed by the TBR ERP Data Standards Task Force to serve as a template to develop institutional data standards. In November, 2004, this committeewas formed to review standards and guidelines and to help make decisions regarding maintenance of data in the administrative systems. The Task Force was charged to develop model policies, enact model procedures, and recommend priorities for utilization of resources used to support institutional data management systems. The membership was a cross-section of technical resources from two-year and four-year institutions and the SMO.

On April 27, 2005, an expanded task force, with a voting representative from each of the 19 two-year and four-year institutions, was created and empowered to continue the work of establishing data standards. That group also has ex officio members from TBR offices. Any questions regarding these standardsmay be addressed to the task force’s listserv () or directly to the chair of the task force ().

As the cohorts in the state of Tennessee begin their implementation of BANNER, the focus of this document has changed. Instead of serving as a template that each institution can use to develop a Data Standards document that meets its needs, the body of the document now reflects the TBR data standards. Appendices indicate whether values are state-wide standards that cannot be changed or merely a recommended set of values.

At this time, the document addresses only the information needed for general person/non-person essential for implementation of the initial Finance module. As the module specific standards from the various functional process teams (Advancement, Finance, Financial Aid, Human Resources, and Student) and the standards for those elements needed for TBR reporting are developed, they will also be distributed through the new TBR ERP Data Standards Task Force.

BANNER

SCT BANNER is the integrated software system purchased from SunGard SCT Corporation to replace certain components of the non-integrated systems currently in use at all Tennessee Board of Regents institutions.

SCT BANNER offers the institutions an increase in the quantity and quality of information that can be maintained as well as increased accessibility to that information, enhanced data security, and compatibility across functional areas of responsibility.

Within SCT BANNER there are separate modules for different functional areas. TBR has purchased the Finance, Human Resources, Financial Aid, Student, and Alumni/Development modules. Integration is achieved via a general module that ties the functional modules together. A person’s ID number, name, address, and basic demographic information are housed within the general module and shared by the other modules. The data are stored in tables residing in an Oracle database. The Oracle database is relational; tables are linked together by means of an internal identification number, thereby limiting data redundancy. There are more than 1,200 tables in the SCT BANNER system.

Data Integrity Guidelines

Purpose

These guidelines define the responsibilities of everyone accessing and managing data. Offices may have individual guidelines that supplement, but do not supplant or contradict, this statement. Data entrusted to the institution by other organizations (e.g., foundations and governmental agencies) are governed by terms and conditions agreed upon with those organizations. Specific issues not governed by such agreed terms shall be governed by the guidelines set forth in this document.

These guidelines were developed to ensure database integrity and achieve the goals of efficient, professional, and cost-effective communication for the ETSU community by:

  • avoiding creation of duplicate records for a single entity
  • providing complete name/address information in a timely manner, with an audit trail of changes
  • using standard entry to facilitate consistent reporting and searches
  • sharing effective processing discoveries and problem-resolution scenarios
  • taking advantage of the database capabilities and functionality.

Scope of this Document

This document defines the standards for maintaining the integrity of the data contained in the Banner software system. It covers the format and usage of data elements that are shared between systems and those that are common to all systems and generally referred to as the General Person data. While defining who has access and how to obtain access to this information is critical to the operation of the institution, it is better left to operational procedure manuals. This document is written specifically for those individuals that have update capability and therefore can seriously affect the integrity of the information. This information will also be helpful for those with inquiry access to the information to further understand the reason for certain formats of information. Again, complete information about accessing ETSU information is best left to operational procedure manuals.

The standards contained in the body of this document have been set by the Data Standards Task Force and cannot be changed by the institutions. There are 3 classifications of tables in the appendices of this document:

  • State-wide standard values – Institutions must ask the Task Force to add values or to change current values.
  • Recommended values – The values have been recommended by the Task Force. Institutions may add values as needed.
  • Open values – All values may be selected by the institution.

Lists of valid values are contained in the appendices. Each such table is denoted as to which table classification above it belongs.

Administrative Responsibility

By law, certain data are confidential and may not be released without proper authorization. Users MUST adhere to any applicable federal and state laws as well as ETSU policies and procedures concerning storage, retention, use, release, and destruction of data.

Electronic data are a vital asset owned by ETSU. All institutional data, whether maintained in the central database, copied into other data systems (e.g., personal computers, CD’s, thumb drives, and other portable devices), or maintained in any printed form remain the property of ETSU. Access to data is not approved for use outside a user’s official institution responsibility. Data will be used only for legitimate ETSU business. A policy governing access to ETSU records is located on the ETSU website.

As a general principle of access, ETSU data (regardless of who collects or maintains it) will be shared among those employees whose work can be done more effectively by knowledge of such information. Although ETSU must protect the security and confidentiality of data, the procedures allowing access to data must not unduly interfere with the efficient conduct of ETSU business.

Division/department heads will ensure that, for their areas of accountability, each user is trained regarding user responsibilities. As part of that training, each user will read, understand and agree to abide by the stipulations in this document.

Division/department heads will ensure a secure office environment with regard to all ETSU data systems. Division/department heads shall validate the access requirements of their staff according to their job descriptions before submitting a BANNER Access Request Form.

All procedures and data systems owned and operated by ETSU will be constructed to ensure that:

  • All data are input accurately.
  • Data accuracy and completeness is maintained.
  • System capabilities can be re-established after loss or damage by accident, malfunction, breach of security, or natural disaster.
  • Actual or attempted security breaches can be controlled and promptly detected.

Data Standards Committee

The Data Standards Committee will consist of the Data Custodians, or a representative from their area, and additional interested personnel and will establish the overall framework for data standards at ETSU. This committee is responsible for the development and maintenance of this document and the resolution of all data integrity issues. While the additional interested personnel are not data custodians they are significant stakeholders in the institution’s information. The committee will consist of:

Role / Member
Alumni/Development / Donald Harvill
Finance System / Kathy Kelley
Human Resources / Debbie Parks
Procurement and Contracts / Kathy Kelley
Student Financial Aid / Cindy Johnson
Student System / Stacey Woods, Mary Ellen Musick, Jeff Powers-Beck, Michele Williams
College of Medicine / Doug Taylor
College of Pharmacy / Steve Ellis
Institutional Research / Jack Sanders
Internal Audit / Edwina Greer
Information Technology Services / Josh Whitlock

Data Custodian Responsibilities

A Data Custodian is the director of anETSU office or department or their designee. The Data Custodian may make data within his/her charge available to others for the use and support of the office or department’s functions.

Two types of access are available:

Query-only access – Allows users to view, analyze, and download institutional data. The ability to change data within Banner is not available at this access level. Although a download of data is permitted, this information must not be altered in any way. All downloaded information must be used responsibly and great care given to the protection of sensitive data which may need to be retrieved.

Update access – Allows the user to change data within Banner. This level of access permits both query and update capabilities. Update access will be restricted to only those individuals having an authorized need to change institutional data in the normal course of their job duties.

Before granting access to data, the Data Custodian must be satisfied that protection requirements have been implemented and that a “need-to-know” is clearly demonstrated. By approving user access to ETSU data, the Data Custodian consents to the use of that data within the normal business functions of administrative and academic offices or departments.

Data Custodians are responsible for the accuracy and completeness of data files in their areas. Misuse or inappropriate use by individuals will result in revocation of the user’s access privileges. Data Custodians are also responsible for the maintenance and control of BANNER validation and rules tables. These tables, as well as processes related to their use, define how business is conducted at ETSU.

ETSU Data Custodians

Area of Responsibility / Data Custodian
Alumni/Development / Director of Alumni Records
Finance System (Budgets) / Financial Accounting Manager
Human Resources System / Director of Human Resources
Procurement and Contracts / Assistant Vice President of Procurement and Contracts
Student Financial Aid System / Director of Financial Aid
Student System / Registrar/Director of Admissions*

*Undergraduate, Graduate Studies, College of Medicine, College of Pharmacy as appropriate

Individual Responsibilities

Individuals to whom Data Custodians grant access are accountable to the Data Custodians for their use of the data. Any individual granted access to data resources is required to acknowledge by signature that they understand all policies related to data access and usage of electronic information resources.

Users MUST protect all ETSU data files from unauthorized use, disclosure, alteration, or destruction. Users are responsible for the security, privacy, and control of data to which they have access including extracted data on laptop computers, CD’s, thumb drives, other portable devices, and any printed form. The user is responsible for all transactions occurring during the use of their log-in identification (ID) and password. Employees are not to loan or share their access codes with anyone. If it is discovered that access codes are being loaned or shared, employees who are assigned access to records are subject to disciplinary action, up to/or including termination.

Access to ETSU Data

Data security is every user’s responsibility. BANNER classifications will be established based on job function such as personnel representative, fiscal assistant, faculty, cashier, etc. Specific capabilities will be assigned to each classification. Each user will be assigned a classification or possibly several classifications, depending on their particular needs as established by their division/department head and approved by the Data Custodian(s). Please refer to the ETSU BANNER System Security Guide for greater detail.

Users can request an id and password to access BANNER by following the process for requesting access outlined in the “How Do I Get Access to BANNER?”[EYG1] document.

The BANNER System Security Guide and “How Do I” documents can be found on the BANNER Project Website or in the ETSU Knowledge Base. (Still need to complete)

Data Change Rules

Never make a change to an employee, student or non-person record without proper documentation and authorization/approval from the Data Custodian. The following rules govern which office makes name, address,telephone number and/or identification number changes to student, employee, or non-person records in the integrated administrative information system called BANNER. These rules are subject to changes as new procedures are defined and implemented.

If the person is a/an: / Then:
Employee (exclusive of other status)
Employee (current or former through issuance of their final W-2 form) except, Medical Residents and student workers / Human Resources makes the change. See appropriate section below for required documentation.
Medical Resident (current or former through issuance of their final W-2 form) / College of Medicine Finance and Administration staff can make change. See appropriate section below for required documentation.
Student worker / Registrar can make the change with appropriate documentation. See appropriate section below for required documentation.
Student
Recruit, Applicant, or Currently Enrolled Student (excluding employees as defined above) – An enrolled student maintains current status until one major term (fall or spring) is missed. / Appropriate registrar* or Admissions Office* can make the change with proper documentation (see list below).
Vendor
Vendor (excluding employee, retirees, and students) / Only Purchasing or Accounts Payable can make the change to an AP or PO address type.
Alumni/Development
Alumni/Donor Only / Alumni/Development can make the change. No documentation is required.

*Undergraduate admissions, Graduate Studies, College of Medicine, College of Pharmacy

Change Data

  • Make data changes ONLY when you have that authority and when you follow the procedures established by the Data Custodian of the data you need to change.
  • Remember – some data fields have specific data entry rules. See the specific section under General Person Information for those data entry rules.
  • Special characters: The pound sign (#), percent sign (%), ampersand (), underscore (_), left square bracket ([) and right square bracket (]) are not to be used because they have other functions in Oracle.

Name Change Policies

Professional judgment must be used to determine the difference between correction of an error as opposed to a name change. (Question – Do we want to type over or delete the old information for corrections or create a new record?) Banner will automatically save the previous name when a change or correction is made. If the entry is a correction and not a name change, the incorrect previous name record should be removed from the “alternate names/IDs” list. Name changes for all employees (current and former) and retirees must be supported by a social security card. For all other entities, acceptable documentation may be one of the following:

  • Social Security Card
  • Court Order Document
  • Driver’s License
  • Marriage License
  • Passport

Address/Telephone Change Policies

Professional judgment must be used to determine the difference between correction of an error as opposed to an address/telephone change. If the entry is an address/telephone correction, the corrected information should be typed over the incorrect date. No previous or alternate record will be maintained. For a change of address, the previous address should be maintained in Banner. Enter the effective date of the change in the “To” field and click the “inactive” indicator of the old address. Then insert a new record and type in the new address choosing the correct address type. If the effective date is earlier than the current day, then type the effective date in the “From” field.