M E M O R A N D U M
To: Security Officers and Chief Fiscal Officers
From: Martin J. Benison, Comptroller
Paul Dietl, Chief Human Resource Officer
John Letchford , Assistant Secretary for IT and CIO
Date: November 15, 2011
Re: Security Officer Review - Statewide Enterprise Systems Security Comptroller Memo FY2012-10
Enterprise systems provide access to sensitive data and allow users to process financial transactions. Annually, Department Security Officers are asked to review individuals that have access to these systems to ensure that they have correct and fiscally appropriate access.
The Statewide Enterprise Systems Security Policy requires Department Security Officers to certify security access to enterprise systems annually. This certification is due at the end of the calendar year. Department Heads provide this approval at the end of the Fiscal Year, thus a formal review is performed every six months.
The Department Security Officer review covers the enterprise systems listed below and should include any individual who can approve obligations and expenditures (execute contracts, signoff on payroll, incur obligations, authorize payments, etc.) on behalf of a Department Head even if that individual does not access these enterprise systems.
- CIW: The Commonwealth Information Warehouse provides access to financial, labor cost management, time and attendance, human resources and payroll data for MMARS, LCM, UMASS and HR/CMS as well as a variety of historical databases—Classic MMARS, PMIS and CAPS. CIW contains confidential data that is protected by both federal and state privacy laws. In no case should employees have privileges beyond those necessary to successfully complete their job duties.
- HR/CMS: The Human Resource/Compensation Management System supports time and attendance, human resources and payroll. HR/CMS contains confidential data that is protected by both federal and state privacy laws. In no case should employees have privileges beyond those necessary to successfully complete their job duties.
- InTempo: The on-line security system through which you request access to these enterprise systems from the Information Technology Division.
- MMARS/LCM: The Massachusetts Management Accounting and Reporting System, including the Labor Cost Management sub-system, supports the financial functions performed by Commonwealth Departments. MMARS contains confidential data that is protected by both federal and state privacy laws. In no case should employees have privileges beyond those necessary to successfully complete their job duties.
Please review all security reports, process whatever changes are appropriate and provide this certification on the Department Security Officer Annual Review Form and e-mail it to firstname.lastname@example.org no later than December 30, 2011.
The latest enterprise security reports are available via Doc Direct as of November 3. The December reports will be available December 1 and re-run again on December 15 for you to verify any changes you have made.
The Comptroller’s Security Unit is available to answer any questions and assist you with MMARS issues - contact Dan Frisoli at (617) 973-2614. Contact ITD’s CommonHelp (866) 888-2808 to answer any questions and to assist you with security for CIW, HR/CMS and Intempo.
Thank you for your prompt attention to this task.