Data Security and Stewardship Committee
Cordelia Camp 101a
Wednesday, December 9, 2009
Present / Pam Buchanan, Craig Fowler, Lisa Gaetano, Larry Hammer, DebbieJustice, ScottKoger, Mary Ann Lochner, Zeta Smith, MikeStewart, and Scott Swartzentruber
Absent / Steve Christison and Kay Turpin
Recorder / Jenny Owen
Handouts / Annual Certification of Banner Access (provided by Larry Hammer)
Approval of Minutes / ·  Craig Fowler made a motion to approve the minutes from the Data Security and Stewardship Committee (DSSC) meeting that was held on Monday, November 23, 2009. There was no opposition, and the motion carried unanimously.
MCD Policy Update / ·  Fowler said Mary Ann Lochner had reported to him that the Law, Equity, and Auditing Office approved of the concept of the two-tier proposal for security and support of mobile communication devices at the university.
·  Scott Koger reported that UNC Greensboro recently passed a mobile communication device policy that resembles East Carolina’s policy. Fowler said UNC Charlotte had passed a similar policy.
Action Items / ·  Fowler will be meeting with others from across campus to get their feedback on the two-tier proposal.
·  Scott Swartzentruber will check with Neil Torda to confirm that the new Entourage Mac client will work without IMAP.
Security Training – Policy95 / ·  DSSC members discussed how the security training, along with the training acknowledgement and confidentiality agreement that are part of Policy 95, will be done.
·  Scott Koger said the security training will be put into WebCat as an “online course.” It will go live after Lochner has a chance to review the training module from a legal standpoint and provide her feedback.
·  How to track who has completed the training is still undecided. Some suggested using Training Register; however, because Human Resources is so short staffed, the Faculty Center agreed to temporarily help out with managing Training Register. Currently the Faculty Center uses it to track faculty training. There was some discussion about who actually “owns” Training Register.
·  Larry Hammer suggested using a feature in Banner called Open Learning to track training.
Action Item / ·  Fowler said Debbie Justice and Anna McFadden have been charged with coming up with a way to track security training and the processing of the confidentiality agreement that is part of Policy95.
Recertification / ·  DSSC members discussed the recent IT audit’s requirement that WCU put in place an annual recertification process for those who have access to Banner systems.
·  Hammer handed out an outline of how the Registrar’s Office does recertification for access to their Banner systems. Hammer explained that this is done by reviewing memberships in the security classes that belong to the Registrar’s Office.
·  Fowler asked if there were any other ways this could be done other than forcing the security owner to manually review this information each year. Suggestions:
o  Implement a lockout on a certain date each year; for example, do this on August 1 and give individuals up to 60 days to get recertified for their Banner access. This process would include an audit trail with official forms.
o  Recertify one class at a time.
Action Item / ·  At a recent IT audit finding meeting, Lisa Gaetano was asked to schedule a meeting with key people to talk about coming up with an annual recertification process for accessing Banner systems. Fowler asked Gaetano to include Hammer in this meeting.