Quick Search
Periodically throughout the year, OIT will perform a manual security audit of Perceptive Content designed to remove unneeded and expired access to the system. This process is performed via three steps (for Staff and Faculty):
- Steps
- Manager Access Notices
- Escalation of Manager Access Notices
- Employee Access Removal
- Manager Expectations
- Escalated Manager Expectations
Steps
- Manager Access Notice (Manual and Annual)
- Timeline: Once a year during the Spring Semester (or as time permits) we will create a ticket (that can be resolved through email) for each manager (see below for an example). This email will ask the managers to confirm the permissions for their employees by auditing a spreadsheet.
- Using organizational data in SAP, the managers of users with Perceptive Content access are sent a notice with an attached spreadsheet asking them to confirm the necessity of the access for a given employee. In cases where the user reports to a vacant position, the next highest occupied position in the user's reporting tree is used instead.
- Upon receipt of the security audit response, OIT will remove the requested access within five business days and resolve the ticket when complete.
- Please see the Manager Expectations section for more information.
-
- Escalation of Manager Access Notices due to no response (second and final attempt)
- Timeline: We will only escalate the process after the stated deadline in the "manager access notice" (example below).
This escalation is to satisfy audit requirements. The managers that have not yet responded after the initial deadline will be sent a second notice. This step is identical to the previous step, except that the manager's effective manager on record is also copied in on the notice.
- Please see the Escalated Manager Expectations section for more information.
-
- Employee Access Removal (only if no response was received)
- Timeline: After the stated deadline in the SECOND (escalated) "manager access notice" we will remove the employee's access.
On the deadline, a process removes all group memberships across all application tiers from employees from whom no responses have been received. All of the access removed in this manner is documented in a ticket for future reference and auditing purposes.
Manager Expectations
- Managers receive an email outlining the process (below is an example):

- Review the attached spreadsheet in the email (example below):

- Denote any access that should be removed by entering REMOVE into column G (DO NOT Remove the row yourself)
- Reply to the email and either attach the edited spreadsheet or indicate No Changes in the body of the email
- The TeamDynamix ticket will be updated and resolved with any access changes made
Escalated Manager Expectations
- Managers of managers that have not yet responded will be CC'ed on a secondary notice
- Escalated managers are requested to do one of two things:
- Encourage the direct report to complete the audit
- Complete the audit on behalf of the direct report, following the steps in Manager Expectations