1 / 31

FTI Security Enhancements Work Order – 0527

FTI Security Enhancements Work Order – 0527. 2012 Annual DRAP Training Conference October 3, 2012 Doris Hartman. FTI Security Enhancements. Today’s Agenda Why are we making these changes? Safeguard Review Preliminary Findings Expected Business Outcomes Security Changes

mayda
Download Presentation

FTI Security Enhancements Work Order – 0527

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. FTI Security Enhancements Work Order – 0527 2012 Annual DRAP Training Conference October 3, 2012 Doris Hartman

  2. FTI Security Enhancements • Today’s Agenda • Why are we making these changes? • Safeguard Review Preliminary Findings • Expected Business Outcomes • Security Changes • FTI Security Changes • Centralized Security Buckets • Other Security Bucket Changes • Screen Changes • FTI Labeled Screens • Masked Screens • FSUM Enhancements

  3. FTI Security Enhancements • System Issues identified in the Safeguard Review Preliminary Findings Report issued January 31st, 2012 • BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs. • BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.) • BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis. • BCSE does not label electronic FTI when displayed on PACSES Screens.

  4. FTI Security Enhancements • BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs. • All receipt numbers removed from disbursement file and no longer printed on SCDU check stubs. • Change to check template became effective April 10, 2012.

  5. FTI Security Enhancements • BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.) • The payment source information has been removed from both the PACSES and SCDU IVRs. • Change migrated to Production January 12, 2012.

  6. FTI Security Enhancements • Expected Business Outcomes • PACSES screens are properly labeled so that FTI information appearing on the screens can be properly protected and handled according to the procedures outlined in IRS Publication 1075. • Access to FTI is now properly restricted to individuals (not teams) authorized to view FTI as part of their routine job functions and who have a need to view FTI data. • The findings of the IRS Safeguard Review Preliminary Findings Report are being addressed so that there is no interruption of FTROP collections. • Drill functionality is added back to the Financial Summary (FSUM) screen to allow Domestic Relations Staff to be able to view financial data without viewing FTI data.

  7. FTI Security Enhancements • Today’s Agenda • Why are we making these changes? • Safeguard Review Preliminary Findings • Expected Business Outcomes • Security Changes • FTI Security Changes • Centralized Security Buckets • Other Security Bucket Changes • Screen Changes • FTI Labeled Screens • Masked Screens • FSUM Enhancements

  8. FTI Security Enhancements • WO-0527 FTI Security Enhancement Changes • BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis. • BCSE does not label electronic FTI when displayed on PACSES Screens.

  9. PACSES Security Changes • Security will be assigned at a worker level (WACI) only. • Elimination of Team (TACI), Unit (UACI) and County (CACI) level security assignment. The screens are removed from PACSES. • **Counties are still able to use Teams and Units for the purpose of scheduling and case management.** • All workers are now required to have a worker level security (WACI) record. SMEs completed outreach with counties July – September 2012 to ensure all workers have WACI records. • The ability to view FTI data will be ‘access controlled’ based on the security buckets assigned to the worker and based on the security level of the PACSES screen. • Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE. A new form and process will be implemented to allow DRS Directors to request access to these security buckets.

  10. PACSES Security Changes • Three Levels of FTI Access • No access to FTI Data or Access Controlled Screens • Users receives a “Not Authorized” error when attempting to navigate to any screen defined as access controlled • Data identifiable as FTI is “masked” or suppressed on other screens defined as commonly used screens • No access to FTI Access Controlled Screens but allowed to view FTI data • A new security bucket ‘CFTIINQ’ allows users to view unmasked data on screens that are commonly used in DRS business. • Full Access to FTI screens and Data. • These users need the appropriate security buckets to view and/or update the access controlled screens • These users also require the new CFTIINQ security bucket to view unmasked data on screens that are commonly used in DRS business.

  11. Access Controlled Screens

  12. Access Controlled Screens

  13. PACSES Security Changes • Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE.

  14. FTI Security Enhancements • Additional Changes included in this work order • A new form and process allows DRS Directors to request access to these security buckets. • To ADD, CHANGE, or DELETE one of the 13 centrally controlled security buckets the FTI / Administrative Security Request Form needs to be submitted • The form is available on the PACSES Home Page / IRS Security Suite (left Hand Navigation Panel) / FTI Security Enhancements

  15. FTI Security Enhancements • Additional Changes included in this work order • A comprehensive review of all PACSES Security buckets has been completed to align security with individual job responsibilities and to remove duplication.  Based on this review new security buckets were created, existing security buckets were modified, and some security buckets were deleted.    • The appropriate security buckets were ascertained during the county outreach and all workers were set with worker level security (WACI) with the security buckets designated as required for each individual’s job duties.

  16. FTI Security Enhancements • Today’s Agenda • Why are we making these changes? • Safeguard Review Preliminary Findings • Expected Business Outcomes • Security Changes • FTI Security Changes • Centralized Security Buckets • Other Security Bucket Changes • Screen Changes • FTI Labeled Screens • Masked Screens • FSUM Enhancements

  17. Screens Labeled as ‘FTI’

  18. Screens Labeled as ‘FTI’

  19. Screens Labeled as ‘FTI’

  20. Screens Labeled as ‘FTI’

  21. Screens Labeled as ‘FTI’

  22. Commonly Used Screens

  23. ADJL Masking Example

  24. CINQ Masking Example

  25. DSBL Masking Example

  26. HRCT Masking Example

  27. ICOL Masking Example

  28. IVAL Masking Example

  29. RCTL Masking Example

  30. FSUM Enhancements

  31. FTI Security Enhancements QUESTIONS ?

More Related