Anticlue

System Security Policies

Oh its a gotcha, and it is a big gotcha. System security policies and implementing a new system. When I'm in the process of implementing a nice new system, I avoid like the plague the long term responsibilities of system user security and access.

Why? well first and foremost, it is the departments data. They have the most familiarity with it, they should maintain who has access and at what levels. Try to have a system manager position be create or assigned to the department during the implementation. Allow this position, to do metadata additions, user security, and installs if you were unlucky enought to implement a client server system.

So what do we as a project implementer need to be concerned about regarding user security.

First, we have to ensure a policy has been created with the proper authorizations, and security information. Also we have to ensure that the policies has been typed to word and distributed for all to understand. Having the policy up under a general area of system access requests is a good idea too.