A while back, an internal audit was conducted focusing on IT administrative systems, in particular two areas: Human Resource Management and Student Administration. The audit tried to establish whether the university’s policy with regard to administrative system users complied with prescribed best practices and whether adequate processes were in place to manage access rights.
It was found that there was a need for a formal Identity and Access Management (IAM) policy, more regulated processes and one central source from which identities (see definition below) should be managed.
The current practice of issuing multiple electronic identities per business application or per individual associated with the university for access to administrative systems lends itself to the fraudulent use of both electronic identities and information – a high risk at an academic institution.
The audit findings were considered and, as a result, an all-encompassing Identity and Access Management Project (IAM Project) was initiated to mitigate both known and potential risk around system and resource (i.e. Library) access.
In an effort to gain better control over the creation of identities, the following three systems will be the only recognised systems from which both identity and electronic identity can originate:
- Student Administration – Registration of students including Short Course registrations
- Human Resource (HR) – All SU staff who need to be reported on for statutory purposes or for whom a payroll needs to be run.
- SUNid – Used for any person who forms an affiliation with SU, but cannot be classified as either student or staff. The current classification for this group of persons is either that of external worker or visitor.
IAM aims to address 95% of the audit findings by establishing a central system from which one electronic identity can be issued via an automated process, with a full audit of who has access to which system and who approved the request. A future deliverable from this project would be a formal definition of roles (e.g. Payroll clerk) from system function (program) access patterns to facilitate role-based access request management.
An Electronic Identity Validation Regulation has already been approved and can be viewed here.
The IAM project is one of continuous improvement and development. It is about more than just putting systems in place; it is also about understanding the university’s organisational behaviour and processes to ensure these systems will increase productivity and function optimally.
To keep you up to date on upcoming IAM projects, we will be running a series of articles from this week. In our next article we’ll be looking at AIS.
If you’re still in the dark as to how SUNid works, refer to your wiki for detailed instructions or read our previous blog articles.
If you prefer a more hands-on approach, we’ll also be hosting a few informal sessions where you’ll be guided through the process step by step and also have the opportunity to air all your complaints and questions. If you’d like to attend one of these sessions, please contact Petro Uys at puys@sun.ac.za.
Definitions
Identity – the capturing of all personal information and the creation of a unique 8-digit Stellenbosch University number, also commonly referred to as student number, staff number, ut_number or su_number.
Electronic Identity – refers to the username and password associated with an identity record.