Reply to comment

HR Provisioning: Employee Lifecycle (Part 4)

Submitted by ChuckAllen on Wed, 08/05/2009 - 19:41
in

This isn't the last post in my current provisioning series. I promised the last post would focus on a few architectural ideas for handling provisioning and de-provisioning in a distributed environment. This one simply highlights something I saw reported that helps illustrate a point I made in my last post. The Daily Press, Newport News, VA, last week reported:

A part-time computer help desk technician let go from Thomas Nelson Community College almost three weeks ago said that, as of Wednesday morning, he still had computer access to the records and Social Security numbers of every student in the Virginia Community College System.

Edwin Slater, a 24-year-old Newport News resident, said college officials told him he was being laid off from his job July 9 because of budget cuts. But Charles Nurnberger, TNCC's vice president for finance and administration, said no employees have been laid off, although some jobs have been consolidated.

The college VP's answer to the alleged data breach is quite contorted. He indicates that no employees had yet been officially terminated. The VP doesn't address the fact that the employee in question had either been notified weeks ago that he was being laid off or that, in any case, he had not showed up to work in 3 weeks. So the VP sort of implies that there was no data breach since the college hadn't officially terminated the individual's status as an employee. This is an interesting answer, but not one that has anything to do with protecting the confidential student information to which the help desk technician had access.

As I wrote in my previous post:

In the case of involuntary terminations, it may be important to schedule de-provisioning in advance of when the notice is given and/or when the termination is effective for payroll, benefits, or other purposes. Some notion of "suspension pending termination" is necessary in many situations. Conversely, an employee's notice of voluntary termination (e.g., two weeks notice) may or may not invoke any immediate de-provisioning of systems. The point here is that both provisioning and de-provisioning are not always tied exactly to official hire and termination dates. Fine-grain handling of lifecycle events is required.

Unless there is other "breaking news," the post I promised with a few architectural ideas on provisioning will be up next.

Reply

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
Are you human? Please complete our test. Your cooperation helps prevent spam submissions.
3 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.