Delegation of Authority
Major Responsibilities That Can Be Delegated:
- Establishing unit access as determined by the unit administrative official
- Training on computer access, security, software, and appropriate use of UC information
- Monitoring of unit core systems transactions
Major Responsibilities That Cannot Be Delegated:
- Establishing and implementing systems to ensure the integrity and security of the data on which decisions are made
- Assuring that systems access and transactions are in accordance with management’s authorization and are recorded in UC records in an accurate and timely manner
- Appointing the unit data security administrator
- Determining appropriate approval hierarchies to establish adequate separation of duties
- Determining which employees should be given access to what core data
- Managing reported or suspected access and security violations in accordance with UC policies
Selected Requirements, Risks and Mitigation Measures
- Adequate data control systems must be established to ensure that the appropriate authorization, accountability, and data integrity and security exist.
- Systems must be secure, reliable, responsive, and accessible. These systems must be designed, tested, documented, and maintained according to accepted development and implementation standards. They should be built upon sound data models and employ technology that allows data to be shared appropriately, and meet the users’ needs.
- Systems must contain controls to ensure that data is synchronized and validated and contains appropriate interfaces to any core financial systems.
- Local and wide area networks, including electronic mail and calendaring must be reliable, stable, and secure.
- Appropriate systems backup, recovery, and contingency planning must be established to meet Office of Record retention schedules and requirements.
- Employees must be encouraged to report any compromise or breakdown in the unit’s data integrity without fear of reprisal.
- If a situation involving data integrity risks occurs or seems likely to occur, involve Information Technology
Resources and Background Information
- UC ANR Information Technology
- UC ANR Information Technology, Information Security
- UC ANR Privacy and Information Security
For more information, contact the Chief Information Officer.