1
LOGICAL ACCESSLOGICAL ACCESS
Remedy Management Remedy Management System TrainingSystem Training
- Health Sciences Center -- Health Sciences Center -
Click the Speaker Icon for AudioClick the Speaker Icon for Audio
2
AgendaAgenda
• Logical Access: Definitions and ControlsLogical Access: Definitions and Controls• Workflow Workflow • Documentation ProcessDocumentation Process• Remedy Screen ShotsRemedy Screen Shots• Helpful LinksHelpful Links
3
DEFINITONSDEFINITONS
Logical Access
Process by which individuals are permitted to use computer systems and the networks to which these systems are attached. Furthermore, applications and networks, and the services they provide, are available only to those individuals who are entitled to use them.
4
CONTROLSCONTROLSLA1 A formalized documented system for user access is establishedLA2 Full user Account information is documented and retainedLA3 Authorized approval and documentationLA4 User access is verified by Process OwnersLA5 Segregation of duties analysisLA6 Segregation of duties analysis for administrative usersLA7 User password requirements are established and enabledLA8 Application password requirements are established and
enabledLA9 Automatic lock-out controls are established and enabledLA10 Documentation and control for TerminationsLA11 Monitoring Access Reviews LA12 Auto-Logging established, tracked and reviewed
5
1. BPO approves the completed access forms
2. User completes required training
3. Product Manager reviews forms for completeness and approval, and documents into a Remedy ticket
4. Access is granted and confirmed
HIGH LEVEL WORKFLOWHIGH LEVEL WORKFLOW
Four Step Process
6
ACCESS FORM - BasicsACCESS FORM - Basics
• User Information • Type of Request• Access Type with Specific Details• Statement of Approval
– Accuracy of request– Knowledge of University policies and procedures– Required Training has been addressed– Segregation of duties has been considered
• Authorized Approver Signature
LA CONTROLS 1-6 AND 10LA CONTROLS 1-6 AND 10
DOCUMENTATIONDOCUMENTATION
See “Helpful Links” for your specific application
7
DOCUMENTATIONDOCUMENTATION
For New or Change of Access:
• Attach Request Form (required)• Verify and/or attach Confidentiality Agreement• Verify User Current Access • Notify Hiring Manager/Process Owner
For Termination of Access:
• Attach Request Form or Termination Report (required)
• Lock/Disable User Account• Notify Hiring Manager
Product Managers record the following information into Remedy
8
DOCUMENTATIONDOCUMENTATION
1.1. Change/Delete AccessChange/Delete Access Similar process as a new user request
• Requires an Access Form• Segregation of Duties Analysis for Change Request• All Changes recorded in Remedy
2. Termination Requests: submitted prior to users last day
3. Notification to Human Resources prior to users last day
Key Points to Remember:Key Points to Remember:LA CONTROLS 10
9
REMEDYREMEDY
10
REMEDYREMEDY
11
REMEDYREMEDY
12
REMEDYREMEDY
13
REMEDYREMEDY
14
REMEDYREMEDY
15
REMEDYREMEDY
16
REMEDYREMEDY
17
REMEDYREMEDY
18
REMEDYREMEDY
19
REMEDYREMEDY
20
REMEDYREMEDY
21
REMEDYREMEDY
22
REMEDYREMEDY
23
REMEDYREMEDY
NOTE: The actions in this tab look different on the web version than the desktop client.
24
REMEDYREMEDY
25
REMEDYREMEDY
26
HELPFUL LINKSHELPFUL LINKSBanner Products Logical Access Information:http://www.slu.edu/services/HR/university_security_forms.html
IDX Products Logical Access Information: http://pmoweb.slu.edu/
EHR Products Logical Access Information: http://ehr.slucare.edu/
eRS Products Logical Access Information:http://ers.slu.edu/
Logical Access Change Management Initiative:http://www.slu.edu/x20377.xml
Refer to Product Manager for all other products