HCM Accommodation Data Sync to CS [Effective 2/22/21]
Purpose: Describes a change, released with the Seattle District, Deployment Group 4B implementation, to the data synchronized from the Human Capital Management (HCM) pillar to the Campus Solutions (CS) pillar.
Audience: College HR Staff, CS Staff associated with maintaining Accommodate Data and Security Leads currently on ctcLink.
With the DG4B Implementation, the first of 3 key changes was implemented in ctcLink. The Working Group, the first layer of Governance in ctcLink, approved an Enhancement Request on 2/17/2021 related to securing employee accommodation data from visibility in the CS Pillar. The enhancement covered:
3 Key Asks:
- Stop synchronization of Employee related Accommodation Requests from HCM to CS.
- Move HCM Accommodation Page Access to a specific Z role set.
- Remove previously synchronized data from the CS pillar at all existing ctcLink colleges in coordination with a backup of the data retained and instructions for exporting student/employee relevant data for re-entry as applies to each institution.
The first bullet and part of the second bullet were covered during the DG4B cut-over weekend.
HCM to CS Accommodation Data Sync Change
Prior to this change, any accommodation request data entered in HCM immediately flowed to the CS pillar under the Campus Community > Person Information or Person Information (Student) area. While this access is segregated to a specific accommodation ‘Z’ role set, there is currently no way to restrict viewing of the data to a single Business Unit.
In fact, because the underlying functionality is tied to the old HRMS framework, CS Accommodation Data is tied to the Business Unit of the employee’s primary job record as synced from HCM to CS. If a restriction were set in CS, it would therefore isolate visibility of student-related accommodation information to a Business Unit that is likely unrelated to the student relationship the employee may have at another college.
Due to this complication and the multi-campus, single-instance implementation approach, the approved enhancement request stops the synchronization of ALL employee accommodation requests from HCM to CS by inactivating the service option that enabled this data to flow into CS.
Security Role Changes for Accessing Accommodation Data in HCM
A number of colleges in DG3, DG4 and DG5 have expressed serious concerns that accommodation data for employees is visible to everyone who has access to accommodation data, regardless of college. Accommodation data in the HCM pillar is restricted by Company, but several HCM roles have access to accommodation data entered for employees. The data is therefore visible to anyone holding one of the many roles that grant this access, even when granting the role was not intended to provide access to such highly sensitive data.
The following roles have been added to the HCM pillar of the ctcLink system and can be granted to staff who require accommodation information in HCM:
- ZC HR Accom Disability [Correct History Access]
- ZZ HR Accom Disability [Add/Update Access]
- ZD HR Accom Disability [View Only Access]
A communication will be sent to existing ctcLink colleges, informing them of the new role set in HCM that grants access to accommodation data. A deadline will be set to ensure colleges have time to add these new roles to the staff who work with accommodation requests for employees in HCM. After the deadline, during a maintenance window, access to the Accommodations Component in HCM will be removed from the following existing college-grantable roles. Only those with one of the NEW accommodation roles will be able to access HCM accommodation data.
- ZD HR Employee Maintenance
- ZZ HR Employee Maintenance
- ZC HR Employee Maintenance
- ZD HR Central Config VW
- ZD HR Employee Maintenance VW
- ZD HR Inquiry
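An added example (not part of the original notice and not ctcLink tooling): a role-gap check a Security Lead could run over an export of HCM user-role assignments before the deadline, listing users who reach accommodation data only through the legacy roles above. The CSV layout (`user_id,role_name`), the sample users, and the prefix-based ranking (ZD < ZZ < ZC, taken from the access levels shown for the new roles) are assumptions.

```python
import csv
import io

# Role names exactly as listed in this notice.
NEW_ROLES = {
    "ZC HR Accom Disability",  # Correct History Access
    "ZZ HR Accom Disability",  # Add/Update Access
    "ZD HR Accom Disability",  # View Only Access
}
LEGACY_ROLES = {
    "ZD HR Employee Maintenance", "ZZ HR Employee Maintenance",
    "ZC HR Employee Maintenance", "ZD HR Central Config VW",
    "ZD HR Employee Maintenance VW", "ZD HR Inquiry",
}
# Assumption: the role prefix signals the access level; higher = broader.
RANK = {"ZD": 0, "ZZ": 1, "ZC": 2}

def access_gaps(export_text):
    """Map each user who holds a legacy role but no new accommodation role
    to the broadest new role their current access would correspond to."""
    roles_by_user = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user_id"].strip()
        roles_by_user.setdefault(user, set()).add(row["role_name"].strip())
    gaps = {}
    for user, roles in sorted(roles_by_user.items()):
        legacy = roles & LEGACY_ROLES
        if not legacy or roles & NEW_ROLES:
            continue  # never had access, or already migrated
        top = max((r[:2] for r in legacy), key=RANK.__getitem__)
        gaps[user] = f"{top} HR Accom Disability"
    return gaps

# Constructed sample export; user IDs and the last role are placeholders.
SAMPLE = """user_id,role_name
hr_user_a,ZZ HR Employee Maintenance
hr_user_a,ZD HR Inquiry
hr_user_b,ZC HR Employee Maintenance
hr_user_b,ZC HR Accom Disability
hr_user_c,ZD HR Central Config VW
cs_user_d,ZD CC Some Other Role
"""

if __name__ == "__main__":
    for user, ceiling in access_gaps(SAMPLE).items():
        print(f"{user}: confirm business need; grant at most {ceiling}")
```

The output is a review list, not a grant list: the legacy roles exposed accommodation data to staff who were never meant to see it, so each user should receive a new role only after their need is confirmed, and never one broader than the ceiling shown.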
Removal of Existing Accommodation Data for Employees in CS
Removal of the existing Accommodation Data will be set for a scheduled maintenance window. The Production system will have a backup taken and restored to an alternate, accessible location (SVL). College staff who need to review any employee related data in the backup of CS can pull reports from the alternate environment and restore any needed data to their Production systems.
In this way, we are able to remove the accommodation data from Production quickly, without impacting ctcLink colleges' ability to recover any removed data.
A special "View Only" login has been created in the Solution Validation (SVL) environment. Once the data is removed from the Production environment, the login credentials will be distributed to the PMs at the colleges that are 'live' on ctcLink. These logins will grant view only access to accommodation data in the CS pillar for 30 days after the data is removed from ctcLink Production. After 30 days, the accounts will be locked and the CS accommodation data will be scrubbed from that environment. A backup will be retained for 90 days in case a college has an issue and requires assistance in reviewing the data after the 30 day period.