To:         Security Officers and Chief Fiscal Officers

From:     Martin J. Benison, Comptroller
              Paul Dietl, Chief Human Resource Officer 
              John Letchford , Commonwealth Chief Information Officer

Date:      November 21, 2013

Re:         Security Officer Review - Statewide Enterprise Systems Security

 Comptroller Memo FY2014-14


Executive Summary

Enterprise systems provide access to sensitive data and allow users to process transactions.  Annually, Department Security Officers are asked to review individuals that have access to these systems to ensure that they have correct and appropriate access.

The Statewide Enterprise Systems Security Policy requires Department Security Officers to certify security access to enterprise systems annually.  This certification is due at the end of the calendar year.  Department Heads provide this approval at the end of the Fiscal Year, thus a formal review is performed every six months.


The Department Security Officer review encompasses the enterprise systems listed below and should include any individual who can approve obligations and expenditures (execute contracts, signoff on payroll, incur obligations, authorize payments, etc.) on behalf of a Department Head even if that individual does not access these enterprise systems.

  • CIW: The Commonwealth Information Warehouse provides access to financial, labor cost management, time and attendance, human resources and payroll data for MMARS, LCM, UMASS and HR/CMS as well as a variety of historical databases—Classic MMARS, PMIS and CAPS.  CIW contains confidential data that is protected by both federal and state privacy laws.  In no case should employees have privileges beyond those necessary to successfully complete their job duties.
  • HR/CMS: The Human Resource/Compensation Management System supports time and attendance, human resources and payroll.  HR/CMS contains confidential data that is protected by both federal and state privacy laws. In no case should employees have privileges beyond those necessary to successfully complete their job duties.
  • InTempo: The on-line security system through which you request access to these enterprise systems from the Information Technology Division.
  • MMARS/LCM: The Massachusetts Management Accounting and Reporting System, including the Labor Cost Management sub-system, supports the financial functions performed by Commonwealth Departments.  MMARS contains confidential data that is protected by both federal and state privacy laws. In no case should employees have privileges beyond those necessary to successfully complete their job duties.

Please review all security reports, process changes as appropriate and provide this certification via the Department Security Officer Annual Review Form and e-mail it to securityrequest@massmail.state.ma.us no later than December 27, 2013. 

The latest enterprise security reports are available via Doc Direct as of November 1.  The December reports will be available December 2 and re-run again mid December for you to verify any changes you have made.

The Comptroller’s Security Unit is available to answer any questions and assist you with MMARS and HR/CMS issues - contact Dan Frisoli at (617) 973-2614 or Lenny Montone at (617) 973-2570. Contact ITD’s CommonHelp (866) 888-2808 to answer any questions and to assist you with security for CIW and Intempo.

Thank you for your prompt attention to this task.

CC:

MMARS Liaisons
Payroll Directors
General Counsels
Internal Distribution