COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT Arapahoe Street Denver, CO


STANDARD PROCEDURE
COLORADO DEPARTMENT OF LABOR AND EMPLOYMENT
1515 Arapahoe Street
Denver, CO 80202-2117

Number: SP-71
Effective Date: 12/13/90
Supersedes:
Revision Date:
Executive Director's Approval:
Under Revision:

Document Title: SP-71 Computer Systems Access and Security Clearance
Document Category: Automation Technology
Subject Matter: Computer Management
Originator:
Number of Pages: 11
Contact:
Contact Phone:

Body:

I. PURPOSE

This procedure is administered by the Investigations and Criminal Enforcement Section (ICE) and is effective on the date shown in the heading.

The purpose of this procedure is to minimize the potential for a USER to obtain transaction level access to CDLE Computer Systems or other NON-CDLE Computer Systems presenting opportunities for financial gain by illegal means or with fraudulent intentions. Transaction level access is that condition which allows one to create, modify or delete any data element in any record or file of any application program or any operating system within Computer Systems.

This document establishes procedures for:

  A. Authorizing USERs to obtain transaction level access to such CDLE Computer Systems.
  B. Authorizing CDLE Employees to obtain access to such NON-CDLE Computer Systems.
  C. Conducting an ADP Security Clearance.

The DEPARTMENT has the obligation to protect the taxpayers' investment in the assets and information used to conduct necessary government operations. This responsibility is made more complicated by the need for computer systems and the enormous impact these systems have on the way business obligations are satisfied. Since computer systems can be surreptitiously subverted for illegal purposes, possibly causing severe financial losses to Colorado taxpayers or possibly disrupting the Department's ability to serve Colorado citizens, the following criteria are established:

  1. Any USER requiring transaction level access to any CDLE computer system in which opportunities exist for illicit financial gain, must comply with the procedures described herein. This does not include current USERs who have transaction level access or new users needing "inquiry or read only" access to such CDLE computer systems. The two CDLE applications currently identified as having potential opportunities for illicit financial gain are CUBS and CATS. These applications are designated as security-sensitive applications.

  2. Any CDLE employee requiring access to such NON-CDLE Computer Systems must comply with the procedures described herein. This may include USERs currently having any level of transaction access and will include all new CDLE USERs requiring transaction access to NON-CDLE Computer Systems. NON-CDLE USERs (i.e., local partners and community based organizations) seeking access to NON-CDLE Computer Systems must request such authorization directly from the NON-CDLE Computer System Owner. USER, as defined herein, is anyone requiring access to the CDLE or NON-CDLE Computer Systems in order to perform an authorized function or series of functions.

  3. The security clearance procedures defined herein will be implemented to determine whether any USER requesting transaction level access or requesting that any transaction level access be added to his/her existing access should be given that privilege. If it is deemed that access should not be granted, access will be denied and the user requesting access may be subject to other appropriate administrative action based on the grounds for denial.

II. POLICY

This procedure supplements the USER security and access authorization elements set forth in the CDLE ADP Security Policy (transmitted under DL (OIS) 90-174) and the ADP security procedures manual that is restricted to Local Security Coordinators.

III. OBTAINING ACCESS TO CDLE COMPUTER SYSTEMS

CDLE Cost Center Managers are responsible for approving all CDLE employees' access to CDLE Computer Systems. Only Cost Center Manager signatures will be accepted by OIS for the processing of documents and forms requesting such access. Requests for access to CDLE Computer Systems by other than CDLE employees must be approved by the appropriate "CDLE contracting authority" as defined in section B of this procedure. The following describes the procedures for obtaining access to CDLE Computer Systems:

  A. CDLE USER/EMPLOYEE

    1. The Cost Center Manager will:

      a. Inform the USER of all stipulations and restrictions relative to his/her use of CDLE Computer Systems as outlined in the CDLE ADP Security Policy.

      b. Obtain a completed and signed "Statement of Personal Compliance" form from the USER (sample attached). This form will be forwarded to the CDLE Personnel Unit for inclusion in the individual's file and made available during periods of compliance review. Copies may be retained by Cost Center Managers if they so desire.

      c. Obtain a completed and signed "Computer Access: Authorization to Conduct Security Clearance" form (sample attached). This form is required IF the USER is authorized for first-time transaction level access or is being authorized for additional transaction level access to a security-sensitive application(s) and has not had a security clearance performed within the last twelve calendar months. Send the signed form to Investigations and Criminal Enforcement Section (ICE). IF the USER declines to authorize an ADP security clearance:

        1) The Cost Center Manager will cease all activity related to authorizing CDLE Computer System transaction access to security-sensitive applications for the USER.
        2) The USER must check the "declination box", sign the form and provide a written explanation of the reasons for the declination.
        3) The Cost Center Manager will forward the signed declination form and written explanation to ICE.

      d. Complete and sign a "CDLE Employee Request for Access" form. Send the completed form to the Office of Information Systems (OIS) Customer Assistance for processing.

      e. The OIS Director is responsible for obtaining a signed Notice of Personal Compliance and a signed security clearance form from each individual contracted for overflow ADP services.

    2. OIS will:

      a. Verify the proper completion and authorization of the "CDLE Employee Request for Access" form. IF any documentation elements are incomplete or missing, all documents will be returned to the originating Cost Center Manager for appropriate action and no further action will be taken.

      b. Process the requested USER access and contact the Cost Center Manager with the access information.

      c. Notify the CDLE Controller of the appropriate billing code associated with the new USERID.

    3. The ICE will:

      a. Record/log the receipt of all documents and perform all activities related to security clearances or declinations in a timely and trackable manner.

      b. IF the USER's security clearance report is accepted, the ICE will make the appropriate notation on the form and retain the original form for future reference. It is not required that notification of acceptable security clearance be sent to the USER, appropriate Cost Center Manager or CDLE ADP Security Administrator.

      c. IF the USER's security clearance is not acceptable, ICE will:

        1) Notify the CDLE ADP Security Administrator by telephone to immediately revoke the USER's access to all CDLE and NON-CDLE Computer Systems' security-sensitive applications. A follow-up written notification will be provided and will be signed and dated by the CDLE ADP Security Administrator as verification of USER access revocation and returned to the ICE.
        2) Verbally notify the appropriate Appointing Authority, who, in turn, will verbally notify the Cost Center Manager of the revocation of existing transaction access and that the USER is restricted from any further transaction access. Reinstatement of the USER's access will be based upon the decision of the Executive Director.
        3) Maintain a USER case file relative to all phases of the security clearance, investigative efforts and the final decision.

      d. IF the USER declines to authorize a security clearance, ICE will maintain a case file relative to the information gathered and present the findings to the Executive Director for decision.

    4. The Executive Director will:

      a. Review the "reason for declination findings" resulting from investigative efforts presented by ICE, or;

      b. Review the "reason for unacceptable security clearance findings" resulting from investigative efforts presented by ICE.

      c. Render a decision as to the USER's CDLE Computer Systems access and employment status in the Department.

        1) Normally, the affected USER will be given the option, not a right, to transfer to another position which does not require transaction level access to a security-sensitive application(s), IF such a position is available and IF the USER is otherwise qualified.
        2) IF such a position is not available, the Executive Director will then consider further action and the options available under Chapters 8 and 9 of the Colorado State Personnel Rules and Regulations. These options include termination of employment.

      d. Notify the appropriate Appointing Authority of the decision. The Appointing Authority will coordinate the decision and any required actions with the Personnel Director and/or ICE.

  B. NON-CDLE USER/EMPLOYEE

  Only the Executive Director has the authority to negotiate contracts resulting in CDLE Computer Systems access for USERs employed by vendors and their agents, state, federal and foreign agencies. CDLE Cost Center Managers have the authority to negotiate contracts resulting in CDLE Computer Systems access for USERs employed by local agencies/entities (Community Based Organizations, etc.). The Executive Director and CDLE Cost Center Managers will be referred to hereafter as the "CDLE Contracting Authority" for the purpose of this procedure.

    1. The CDLE Contracting Authority will:

      a. Coordinate all aspects of "acceptable security clearance" with the contracting agency/entity; specifically:

        1) Cease all activities related to requesting transaction level access to security-sensitive applications (e.g. the currently identified CUBS and/or CATS), IF a NON-CDLE USER declines to provide security clearance documentation; otherwise,
        2) Obtain an "acceptable security clearance" based upon the "security clearance" criteria set forth in the contract negotiated between CDLE and the agency/entity. The basic elements of these criteria are:

          a) The criminal record check must be arranged through a legitimate law enforcement agency.
          b) The criminal record check must fully identify the issuing law enforcement agency and must bear the signature of the issuing law enforcement official.
          c) The criminal record check must reveal that the NON-CDLE USER has no job-related felony conviction arising from an offense(s) occurring in the five-year period preceding the request for new or additional transaction level access to security-sensitive applications, or such transaction level access will not be granted.
          d) The NON-CDLE USER or contracting agency/entity must be responsible for all costs of the criminal record check.

        IF a NON-CDLE USER receives an "unacceptable security clearance", the contracting agency/entity will not submit a request to the CDLE Contracting Authority for CDLE Computer Systems transaction level access for that USER.

      b. Obtain a completed and signed "Statement of Personal Compliance" form for each NON-CDLE USER requesting access.

      c. Complete and sign an "Employee Request for Access" form. This form may be the Department's form or another agency's form as long as it contains all information required by CDLE for processing.

      d. Send the completed and signed "Employee Request for Access" form along with the completed and signed "Statement of Personal Compliance" to OIS. If transaction level (update) access is being requested, send the original proof of security clearance document to ICE.

    2. The ICE will:

      a. Verify that the security clearance is acceptable and mark the "Employee Request for Access" form appropriately.

      b. Retain the original proof of security clearance document for future reference.

      c. Send the "Employee Request for Access" form to the CDLE ADP Security Administrator for processing.

    3. OIS will:

      a. Verify the proper completion and authorization of the "Employee Request for Access" form.

      b. Process the requested USER access and notify the CDLE Contracting Authority of all accesses granted.

      c. Notify the CDLE Controller of the appropriate billing code associated with the new USERID.

IV. OBTAINING ACCESS TO NON-CDLE COMPUTER SYSTEMS

Access to NON-CDLE Computer Systems will be determined, coordinated and processed in the following manner:

  A. OIS Customer Assistance will be the primary contact between CDLE and all other NON-CDLE Computer System Security Administrators.

  B. All requests for access will be coordinated through the OIS in accordance with NON-CDLE Computer Systems security/access policies and procedures.

  C. Access will be administered by the NON-CDLE Computer System Owner, who has the exclusive right to authorize or revoke access.

  D. CDLE Cost Center Managers will:

    1. Notify the CDLE ADP Security Administrator in writing of all CDLE USERs requiring transaction access to NON-CDLE Computer Systems security-sensitive applications as identified herein (none at present). This notification will include an accurate and detailed description of the information/data needed by the USER.

    2. Provide any additional information and perform any procedural elements requested by the CDLE ADP Security Administrator on behalf of the NON-CDLE Security Administrator.

    3. NOT become involved with NON-CDLE USER requests for access to other NON-CDLE Computer Systems. The NON-CDLE USER will be directed to contact the NON-CDLE Computer System Owners.

  E. OIS will:

    1. When applicable, request that the Executive Director negotiate a contract or agreement for system access between CDLE and the NON-CDLE Computer System Owners.

    2. Ensure that all NON-CDLE Computer Systems access and security requirements are satisfied per contract.

    3. Process all forms and/or documentation related to security-sensitive application(s) transaction access authorization.

    4. Coordinate billing arrangements with the CDLE Controller.

    5. Maintain a record of all authorized USERs and coordinate it with CDLE Cost Center Managers based upon the USER's employment status.

V. SECURITY CLEARANCE CRITERIA

Security clearance for transaction level access to CDLE Computer Systems' security-sensitive applications, by any CDLE or NON-CDLE USER or to NON-CDLE Computer Systems' security-sensitive application(s), by CDLE USERs will be the responsibility of ICE and will be recognized as an ICE priority task.

  A. SECURITY CLEARANCE CONVICTION CATEGORIES

    1. A criminal record check will be performed with respect to job-related felony convictions arising from offenses that occurred during the previous five-year period.

    2. Job-related conviction categories include, but are not necessarily limited to, the following:

      a. Theft
      b. Robbery
      c. Burglary
      d. Fraud
      e. Forgery
      f. Embezzlement
      g. Computer Crime
      h. Other white-collar or government operations crimes

    3. Only actual job-related criminal felony convictions, not arrests, will be considered as a factor relating to the USER's suitability for computer transaction level access to security-sensitive applications. Felony convictions arising out of an offense occurring more than five years prior to the date of ICE review of the USER will not be considered. Felony conviction, as defined herein, is considered to include a plea of nolo contendere or acceptance of a deferred sentence when a felony charge was made.

  B. THE ICE CHIEF SPECIAL INVESTIGATOR RESPONSIBILITIES

    1. Maintain all internal ICE procedures related to this standard procedure and make them available during periods of compliance review.

    2. Conduct criminal record background checks of USERs in accordance with United States Department of Justice regulations. While a USER is required to submit a "Computer Access: Authorization to Conduct Security Clearance" form, or proof of acceptable security clearance document, each time new or additional transaction level access to security-sensitive applications is being sought after July 1, 1990, ICE is required to conduct or request only one complete criminal background check on that USER in any twelve-month period.

VI. LOCATION OF ALL SECURITY ACCESS FORMS

The only forms that will be accepted for the purposes of authorizing access to CDLE Computer Systems are:

  A. Computer Access: Authorization for Security Clearance Form. (Sample attached)
  B. Statement of Personal Compliance Form. (Sample attached)
  C. CDLE Employee Request for Access Form.
  D. NON-CDLE Employee Request for Access Form.
  E. Other agencies' access request forms as specified in paragraph III B 1 c, above.

* A copy of these forms will be supplied to all Cost Center Managers, Local Security Coordinators and NON-CDLE Security Coordinators by the OIS Customer Assistance for local reproduction. All forms required to access NON-CDLE Computer Systems will be made available by OIS Customer Assistance upon request.

VII. QUESTIONS CONCERNING SECURITY CLEARANCE OR COMPUTER ACCESS

Questions regarding the security clearance criteria and procedures, or the current status of an ongoing security clearance investigation, should be addressed to:

  CDLE ICE Chief Special Investigator
  Investigations and Criminal Enforcement Section
  600 Grant Street, Suite 900
  Denver, CO 80203-3528
  Phone: (303) 837-3806

Questions related to the CDLE ADP Security Policy and its supplemental procedures, or the preparation of the above noted forms, should be addressed to:

  CDLE ADP Security Administrator, c/o Customer Assistance
  Office of Information Systems
  251 East 12th Avenue, Room 313
  Denver, CO 80203
  Phone: (303) 866-6555

Attachments:

  Statement of Personal Compliance Form.
  Computer Access: Authorization for Security Clearance Form.
  CDLE Employee Request for Access Form.
  NON-CDLE Employee Request for Access Form.

Supporting Documents

  - Supporting Document (CDOLE Computer Access: Authorization to Conduct Security Clearance)
  - Supporting Document (Statement of Personal Compliance Relating to the Access and Use of CDOLE Computer Systems)