Application Owner Roles And Responsibilities (R&R)

2y ago
29 Views
2 Downloads
350.39 KB
5 Pages
Last View : 17d ago
Last Download : 2m ago
Upload by : Amalia Wilborn
Transcription

Application Owner Roles and Responsibilities (R&R)V 1.0

Application owner R&R, Chapman University1. IntroductionThis document establishes standards for the roles and responsibilities of the applicationowner of web based applications, not hosted or managed by Chapman University IS&Tdepartment.2. PurposeThe objective of this standard is to establish guidelines for adding, maintaining, disabling,and deleting user access to the University’s data maintained on web-based applications nothosted or managed by Chapman University IS&T department3. Definitions:3.1 Application Owner:Chapman University employee that is the business owner of the application and isresponsible for the business delivery, functioning and services of the application. Theapplication owner is also the custodian of the data in the application.3.2 Role:A role defines a set of users that share the same informational needs, based on their need-toknow. This is commonly known as Role Based Security.3.3 User:The end-user of the application. A user can be assigned to an account role4. Security principles4.1 Need to knowUsers should be granted access only to data that they need to know or work with.4.2 Least privilegeUser should have the least level of access permissions so that the user has access only to thedata that they are required to see and work with.5. Application owner - primary responsibilities:5.1 Account Management Owner of application account provisioning and de-provisioning

Application owner R&R, Chapman University The application owner will provision or add a new user to the applicationusing the principles of least privilege and need to know The application owner will de-provision or remove access to an existing userto the application as soon as possible (within one business day or earlier)Owner of application role management assignments and changes (updating existingusers) The application owner will set up the roles and the correspondingentitlements within each role in the application. E.g. Admin role or dataentry role The application owner will assign and modify users to roles in theapplication based on need to know and least privilege. The applicationowner will assign users to roles e.g. Newly joined manager assigned toadmin role. If the current user has moved to a different job function, thenthe application owner should modify user’s role assignment in theapplication accordingly5.2 Manage Application portal security settingsThe application owner will set application portal security settings.These include but are not limited to: Number of login attempts and lockout policies Process for changing and resetting passwords Requirements for security questions5.3 Password policyMost applications rely heavily on the user password as the primary means to protect access tothe application (and related Chapman data). The Application owner will set password policycorresponding to requirements for the University active directory password system. Thesepolicies currently are available with the information security office5.4 Response Application owner will notify their management as well as the office of informationsecurity of any breach of University data or account misuseiiiFOR INTERNAL USE ONLY

Application owner R&R, Chapman University5.5 Review and Audit Periodic review (quarterly) of accounts status and roles ((once per quarterrecommended but at least once per six months) The application owner will periodically review the roles, roles assignmentsand user’s access within the applicationDocument the periodic review, if not already available through theapplication.6. Document ownerReview and updates of this standard is the responsibility of the Chief Information SecurityOfficer.7. ReferenceInformation Security Policy– Access Control

Application owner R&R, Chapman University5FOR INTERNAL USE ONLY

owner will assign users to roles e.g. Newly joined manager assigned to admin role. If the current user has moved to a different job function, then the application owner should modify user’s role assignment in the application accordingl

Related Documents:

ROLES AND RESPONSIBILITIES PROCEDURES V1.0 1. PURPOSE The purpose of this document is to ensure that the EPA roles are defined with specific responsibilities for each role and for people who have been assigned to the listed roles. The roles and responsibilities

This Guide contains information about the different roles and responsibilities you will need to consider in planning the transition to your new EMR. It explains why the assignment of specific roles and responsibilities is important, what roles and skills are needed, and who should parti

Leverage the power of the RACI model - not easy but worthwhile Fit roles into your organization, not your organization into the roles Combine roles whenever possible, particularly at the lifecycle stage Think about deleggg y, gating some local authority, as long as there is a single process Invest in role-based training

An overview of the Board, officers, and associated responsibilities are provided in Figure 1. The Board's roles, responsibilities, accountabilities, and authorities are provided below. 2.1 Role Governs the Chapter by providing oversight and strategic direction; executes the Chapter policies. 2.2 Responsibilities Exercise all Chapter powers

Figure 1: Scrum “Process” 2. Scrum Roles Scrum knows 3 roles: Product Owner, Team Scrum Master All responsibilities to manage the project are divided among these three roles. 2.1. The Product Owner The Product Owner represents the interests of everyone with a stake in the proj

Oct 21, 2019 · Introduction to Roles, Responsibilities, and Processes This guide is intended to codify DVC’s decision making and resource allocation processes and the roles and responsibilities within those processes. These processes are related to: 1. Governance participation in committee structure 2

Unit 4: Roles and Responsibilities Topic 4-1: Instructor Roles and Responsibilities . . will be able to carry out the roles and responsibilities of an SFT instructor in an ethical manner in accordance with legal requirements, NFPA standards and the policies, procedures, and expectations

Any dishonesty in our academic transactions violates this trust. The University of Manitoba General Calendar addresses the issue of academic dishonesty under the heading “Plagiarism and Cheating.” Specifically, acts of academic dishonesty include, but are not limited to: