Department of Pathology added to pilot; Target implementation to be determined
UIT's Identity and Access Management (IAM) team in the Information Security Office (ISO) has combined feedback from the Department of Pathology with data already collected from UIT, ITS and Campus HR managers selected to test a new user access review process in a SailPoint training environment. The system and supporting materials are production-ready, with an official rollout date to be determined, according to Chief Information Security Officer Randy Arvay, who presented a program update on October 23 to the University's Architecture and New Technology Committee (ANTC).
Ultimately, all managers at the University of Utah will be required to review their employees' elevated access to high-risk applications. Currently, the identified high-risk applications are Cactus, EPIC, Lawson, and PeopleSoft (Campus Solutions – HE, Human Resources – HR, and Financials – FS). This list is expected to grow as applications are added.
Once introduced, user access reviews will occur every four months. The process is required in order to comply with Policy 4-004, Rule 4-004D, and closes the loop on Human Resources scenarios such as an employee leaving the U yet retaining administrative access to University applications, or employees reporting to inactive or multiple managers.
Please direct any questions to IAM Project Manager Rachael Sheedy, Rachael.Sheedy@utah.edu.
Did you know?
The UIT PMO is staffed with project managers who have the necessary skills and understand the processes of both IT and business. This provides the PMO the ability to manage projects undertaken by both the IT organization and campus organizations. For more information, please visit our website.