Accessing Enterprise Resources
Computerized Information Access (CIA) Request forms document, monitor, and manage access to enterprise resources like PeopleSoft, which accesses Human Resources or Student Administration information, and other information systems, like Active Directory and OnBase Document Repository. CIA Request Process, through the use of OnBase Workflow, is the method that:
- Obtains MPP approval
- Documents Security Administrator authorization
- Ensures training requirements are met
CIA Requests are required when new access is needed or people transfer from one department to another.
Submitting CIA Requests
Since November, 2017 creation of CIA Requests has become a delegated process meaning each college, division, and unit has designated individuals who are authorized to create CIA Requests on your behalf. If you don't know who your delegate is ask your AA/S or administrative support personnel. If additional CIA Delegates are needed they can be added by sending the person's name, emplid & email address to: email@example.com. Be sure to "cc" the MPP.
Resources - Instructional Guides
Additional assistance is found in these guides:
- CIA Delegate Guide (2020) - Full of handy information, the CIA Delegate Guide provides "how tos" with screen shots, Frequently asked questions and more.
CIA Component and Training List (2020) - latest spreadsheet containing detailed information about the components found in the CIA Request - component descriptions, requirements - both paper and training, security administrators
- MPP CIA Approval (2020) - short guide showing MPPs how to approve CIA Requests.
- CIA Security Admin Approval Instructions (2020) - Short PDF Document with instructions for security administrators.
Questions? - contact firstname.lastname@example.org.
There are two types of prerequisites: training and paperwork. All components require at minimum Information Security Training. Many components have additional training requirements. The only components with paperwork requirements are: Absence Management components, both Timekeeper and Approver, Master Pay Warrant Authorization, ProCard and Requisitions, requester, reviewer and approver.
The Information Security training teaches recommended security practices for minimizing risks and preventing leaks of sensitive information. It also provides a review of roles and responsibilities regarding private information by addressing federal law, state law, and university policies, including the Acceptable Use Policy for Electronic Communication.
To sign up for training go to ITS Training Services which is found here: https://www.csusb.edu/its/training
Frequently Asked Questions
- What if the paper CIA form is needed?
Old PDF versions of the CIA form are available by sending a request to: email@example.com.
- What if I have incorrect or incomplete access after a request is completed?
If you believe there was a mistake or that your access is incomplete then email firstname.lastname@example.org. If you're having trouble logging in then contact the Technology Support Center.
- How is access suspended or removed?
An MPP emailing email@example.com with the name, employee ID, and date last physically worked in the unit.
- What if someone transfers departments?
People moving from one department to another will lose their administrative PeopleSoft access. It is recommended that before the transfer takes effect a new CIA Request is submitted. This request should have the information for the new department, the new MPP and new supervisor. Plus the components on the CIA Request should reflect the new duties thereby providing for a quicker and smoother transition of access. De-provisioned access is documented. So, if there are questions about someone's access - an email with the emplid and name of the individual can be sent to firstname.lastname@example.org.
- What happens when someone goes on temporary or permanent leave of absence, or temporary reassignment?
When such an event occurs, supervisors must notify human resources and email email@example.com with the name, employee ID, include start and end dates of absence. The Security Administrator will revoke the appropriate access and notify the Supervisor upon completion. These actions are done because Supervisors are responsible for protecting the confidentiality, integrity, and availability of sensitive information for personnel transferred to other positions, granted temporary or permanent leave of absence, or terminated from employment.
To reinstate access, returning personnel will need to submit a new CIA Request form.