What do you see when you log in to ConnectCarolina? The answer depends, in part, on your role at the University.
You may see only information about you, like your paycheck and benefits information. Others at the University may need to view, edit or run reports on different types of information.
For example, Human Resources representatives need to access paycheck or benefits information for themselves and other employees. Accountants need access to financial data and reporting tools. Student Services managers need students’ records, and students need to register for classes and check their financial aid.
All employees and students need access to some information in ConnectCarolina, though likely not all information.
Have you ever wondered how people see different things in the same system?
Across the University, Access Request Coordinators (ARCs) use a process via the Access Request Tool to ensure that the right people have access to the right information.
The current process is complex, largely manual and requires a high level of oversight. In line with the University’s Carolina Next strategic plan initiatives to increase operational efficiencies, ITS Enterprise Applications and stakeholders across the University are working on a major modernization of the access request process.
ConnectCarolina is one of the University’s most critical systems. It is used to conduct essential administrative functions across all parts of the University. Operational changes to the system, including reducing or eliminating manual processes, will reduce staff hours spent on administrative tasks and increase overall access security.
Current access request process
The access request process provides the ability to request ConnectCarolina security access for faculty and staff, based on their need to access specific information and system options. There are multiple steps, people and departments involved in requesting and granting user access. The steps vary across University departments and different ConnectCarolina pillars (Student Administration, Finance and Human Resources/Payroll).
As part of the process, all employees or students are assigned at least one security role that determines what they can see or change in ConnectCarolina.
Security roles are granular, with each role establishing permissions to access some elements of ConnectCarolina functionality or data. For example, one employee might be able to see reports that show University-wide information, but not have permission to change the information. Another may be able to enter an employee action for the School of Education, but not for another school or division. Currently, there are hundreds of identified security roles, and some employees may be assigned any number of security roles to establish the security access they need, sometimes requiring 50 or more roles to provide all necessary access.
ConnectCarolina houses sensitive data and personally identifiable information protected by University policies and state and federal laws including:
- Family Educational Rights and Privacy Act (FERPA), for student data
- Gramm-Leach-Bliley Act (GLBA), which protects financial information
- Health Insurance Portability and Accountability Act (HIPAA) for health records
“Managing access to systems is a key component of ensuring the university data is secure,” said Mechelle Clayton, interim Assistant Vice Chancellor of ITS Enterprise Applications.
The system access process involves more than simply granting access. To ensure appropriate access is given, the current system includes a workflow process that routes access requests through an approval chain. This approval chain, in the current environment, is incomplete in some places and difficult to use if there are corrections to the original request.
In early spring 2022, Clayton sponsored a project to gather feedback about the current access request environment. The project team led a series of feedback gathering sessions with campus users, central office users, Access Request Coordinators and others to understand the pain points of the current system. That feedback was then used to identify requirements and set priorities for changes to the process and tool.
“The current process is time consuming and inefficient,” said Clayton. She added that the goal of the improvement project is “to ensure access is provided and audited in a timely manner.”
The group identified several areas of pain points, including:
- Security roles. There are too many security roles and descriptions are unclear.
- Manual processes. Current processes are manual. Paper forms and keying data into the system are time-consuming and often lead to errors and missing or conflicting information. Paper forms that require signatures, manual data entry and approvals involving several people can lead to delays, errors and confusion for the person trying to get system access.
- Documentation and training. There is confusion about how to sign up for training and where to find help documentation. Although training is required to obtain some levels of security access, taking that training does not automatically trigger the creation of the requested user access to ConnectCarolina. Multiple people still need to act, one after the other. Depending on the complexity of the request, it can take days or weeks for an access request to complete.
- Navigation and tracking. Access Request Coordinators across Finance, HR/Payroll, Student Administration and departments use different approaches for managing access requests. It’s difficult to track when an employee has completed the mandatory training, and it isn’t easy for a manager or employee to review an employee’s access.
- Auditing. ConnectCarolina security audits are run every six months. This process is highly manual, difficult to navigate and very time-consuming.
- Improve tool, process and documentation. In response to the feedback, most of the working team agreed that a redesigned tool, process and documentation would be appropriate and welcomed. Reengineering the access request process and tool would include:
  - looking at centralized system tools.
  - automating steps where possible.
  - creating a suite of self-service documentation to make it easier for employees, departments and ARCs to determine what access is needed and how to get it.
- Flexibility. There is a need for a flexible tool with the ability to manage access requests beyond ConnectCarolina systems.
The group plans to take a phased approach to implementing changes. Phase I work will focus on the following tasks:
- Review security roles in ConnectCarolina Student Administration and:
  - group roles where appropriate.
  - clean up unused roles.
  - adjust the paper form and ARC system to match.
- Update the InfoPorte data entry system to:
  - adjust validation and display messages so it’s easier to see when an employee has a department assigned and can request access.
  - remove the “Data Level Access” section.
  - update the order of the roles to match the PDF form.
  - improve audit reporting and process.
- Add the ability to request some specialized finance roles from the Finance PDF form and data entry system.
- Make required security-related training easier to find.
- Update documentation to make it easier for employees, departments and ARCs to determine what access is needed and how to get it.
Future phases will continue to address the following long-term goals:
- Eliminate paper forms.
- Streamline and standardize the process where possible, including security audits.
- Automate where possible.
- Build a flexible workflow for approvals.
- Accommodate security requests for applications beyond ConnectCarolina by being flexible and scalable.
- Provide the ability to track the status of requests and pending tasks such as approvals and training.