Security Administration System Improvement [SASI] Project Information Guide
Purpose: As the effort to define Security Administration System requirements has evolved with the College Advisory Group, this guide is being re-branded to address broader improvement efforts for how our system manages security administration. This guide will now be referred to as the Security Administration System Improvement Project. The information is intended to aid in framing out the next steps to develop a set of project activities to address college needs associated with more effective ctcLink Security Administration tools.
The guide provides:
- How college Subject Matter Experts (SMEs) can get involved and stay informed on project progress.
- Action Plan - Next steps to keep us moving through each project phase.
- Background information project historical content.
- High-level guide to the revised project phases.
Audience: College Subject Matter Experts (SME) interested in ctcLink Security Administration and Security Audit Reporting
Updates:
- Important Project Announcement - SASI Project Re-Brand Please refer to the announcement in the Background Information section.
- SASI College Advisory Group Semi-Monthly Meeting Content - Please refer to the Next Steps section to view regular meeting recordings and materials.
- SASI College Advisory Group members were selected on August 14, 2023. Please refer to the College Involvement section to view the list of advisory group members.
There are many ways college staff can stay apprised of Security Administration System Improvement (SASI) Project activities or can get involved. Below are key communication channels with college engagement possibilities:
Nomination process complete! Membership list published on August 16, 2023.
The SASI College Advisory Group works with the SASI Project Leadership Team to provide immediate feedback on business practices, design options, and current security management challenges. The group meets regularly on the 2nd and 4th Tuesdays, from 2 to 3 p.m.
Group responsibilities include:
- Participate in Semi-Monthly (Tuesday afternoon) to give feedback on project activities or questions
- Be available for Ad-Hoc Feedback Loops (as needed) on College Business Practices
- Participate in Requirement Clarification Sessions
- Provide Early Feedback on Solution Design Materials
- Participate in Solution Design Feedback Sessions as Change Champions and Thought Leaders
- Respond to Surveys for Solution Design Decisions
- Provide Input on Testing and Training Plans
- Participate in User Acceptance Testing
The following college subject matter experts have been identified as members of the SASI College Advisory Group, through an official nomination and selection process completed on August 16, 2023.
| Member Name | Member Title | Member Email |
|---|---|---|
| Stephanie Baker | Business Systems Analyst | [email protected] |
| Matt Connelly |
ctcLink Business Systems Analyst/Security IT Admin |
[email protected] |
|
Kathy Disney |
Business System Analyst |
[email protected] |
|
Steve Garcia |
Information Security Officer |
[email protected] |
|
Kaytlyn Hoch |
Application Services Director |
[email protected] |
|
Jennifer Horrace |
IT Customer Support Journey |
[email protected] |
|
James Josleyn |
Associate Director of Technology Support Services |
[email protected] |
|
Jeremy Kelley |
System Engineer |
[email protected] |
|
Victor Lopez |
Business Systems Analyst / Local Security Administrator |
[email protected] |
|
Carol McCarthy |
Finance Business Analyst | Information Technology |
[email protected] |
|
Bradley Nuxoll |
Senior Application and Database Developer |
[email protected] |
|
Nichole Seroshek |
ctcLink Project Manager/Business Process Analyst |
[email protected] |
|
Linh Tang |
Information Technology Staff |
[email protected] |
|
Hongyu Zhan |
ctcLink Business Analyst and Security Coordinator |
[email protected] |
Advisory group members who are also members of a specific council or commission may be called upon to provide insights into the activities of this group.
Advisory group members will be provided periodic status update slide deck materials enabling them to share their work on this group.
Councils and commissions seeking a project status update presentation from the Project Management Office can reach out to Tara Keen ([email protected]) to request an update at an upcoming council or commission meeting.
The SBCTC-IT Application Services Security Team holds monthly Security Administrator meetings with Local Security Administrators, as well as interested Business Analysts and pillar leads, on the second Thursday of each month. In this monthly forum, the Security Team will provide project updates, field questions and solicit feedback on current topics within the effort where the project team needs to hear from college experts.
Any SASI Project update materials presented during these meetings will be posted to this Project Information Guide for easy reference and access.
- Next meeting is scheduled for Thursday, Aug. 10, 2023.
- Deck will be posted after the presentation.
- See the monthly Security Administrator meeting schedule.
The College Collaboration Group meets the 2nd and 4th Wednesdays from 10 a.m. to noon and is an open forum for ctcLink Points of Contact, Business Analysts, and topic-specific SMEs to gather and discuss an array of topics that need to be shared and collaborated on in our system.
While the topics change each meeting, regular SASI Project updates will be provided to this group to ensure broad input is gathered on topics related to the SASI Software implementation efforts.
During Phase 1: Discovery, Planning and Design the team will document the solution design for implementing each aspect of the product.
The Solution Design Documents (SDD) are intended to be plain language overviews of the challenge being addressed and what will be done from a functional and simplified technical design perspective to solve the problem with the implementation of any security administration system improvement efforts.
These SDDs will be posted to this SASI Project Information Guide as they are completed.
A sign-off survey will be distributed to ensure all colleges have the opportunity to review and sign off on the design before moving into the next project phase(s). While each college district will have only one vote, all college SMEs will have the ability to review the SDDs for a better understanding of how this product will be implemented.
Meeting Topics:
- Group Expectations and Goals
- Review Sentinel Module Functionality
- Review/Update Discovery Points Vendor Feedback
- Next Steps
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Review Sentinel Module Functionality
- Review/Update Discovery Points List
- Review/Update Decision Points List
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Project Update & Discussion
- Phase 1 Restructuring
- Requirements Discussion/Prioritization
- Next Steps
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Welcome
- Phase 1
- Requirements Discussion/Prioritization
- Next Steps
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Review Requirements
- Brainstorm Solution Approaches
- Determine Viability of Requirements ‘As Written’ or ‘Rewritten’
- Next Steps
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Finalize requirements:
- Assess Gaps
- Develop Mitigations
- Solution Design Approaches
- Business Process Review
- Close the Loop on Outstanding Requirements
- Review Business Process Step List
- How to Enter Feedback/Issues in List
- Timelines for BPR & Solution Design Work
Meeting Recording: Link
PowerPoint Presentation and Meeting Minutes:
Meeting Topics:
- Review Entries Added to Business Process Steps
- Discuss additional requirements added
- Discuss content added to Details of Concern column
- Next Steps
Meeting Recording: Link
Meeting Minutes:
- Clarification on Requirement
- Review Business Process Step Lists: SASI Requirements Google Doc:
- Off-Boarding
- Transfer to New Job at Same College
- Timelines for BPR & Solution Design Work
- Next Steps
Meeting Recording: Link
Meeting Minutes:
- Clarification on Requirement
- Final Review Business Process Step Lists: SASI Requirements Google Doc:
- Off-Boarding
- Transfer to New Job at Same College
- Timelines for BPR & Solution Design Work
- Next Steps
Meeting Recording: Link
Meeting Minutes:
- Initial Solution Design Document Review
- Work Package #1 Role Grouping Template
- Complete Review Business Process Step Lists: SASI Requirements Google Doc:
- Off-Boarding
- Transfer to New Job at Same College
- Next Steps - Timelines for Business Process Review & Solution Design Work
Meeting Recording: Link
Slide Deck and Meeting Minutes:
- Initial Solution Design Document Review
- Work Package #2 Reporting Dashboard
- Confirm Completion of Business Process Step Lists: SASI Requirements Google Doc:
- Off-Boarding
- Transfer to New Job at Same College
- Discuss Work Package #1 Readiness
- Next Steps - Member List (N/A min)
Meeting Recording: Link
Meeting Minutes:
-
Initial Solution Design Document Review
- Work Package #4 – Data Masking for Cat 4 Data Security
- Work Package #6 – Okta Shell Roles for Third Party Access Notices
-
Timelines for Solution Design
- Work Package Review
- Sign-Off
- College Advisory Group Membership
Meeting Recording: Link
Slide Deck and Meeting Minutes:
- Initial Solution Design Document Review
- Work Package #3 Role Approval Workflow
- Review of Decision Timeline and Process for Solution Design Work
- Sign-Off
- Surveys Posted
Meeting Recording: Link
- Discuss sign off on WP #1 and #2
- UAT Preparation
- Reminder to get feedback on WP #4 and #6
- Feedback on WP #3
- Next Meetings
Meeting Recording: Link
Meeting Minutes:
The SASI (formerly Sentinel) College Advisory Group met on Thursday, August 24th to kick-off the work on their Sentinel Project work.
Presentation Information:
Meeting Recording: Recording Link
Meeting Minutes:
Presentation Slides:
- Solicit SASI (formerly Sentinel) College Advisory Group nominations - (July 25 to August 7, 2023) - Done
- SASI (formerly Sentinel)l Project Leader Team to select advisory group members from nominees and send notices to selected members by August 17 - Done
- Publish Membership List - Done
This phase will set the stage for all remaining project phases. In this phase the following will take place:
- [Completed] Establishment of a College Advisory Group
- [Completed] Define and Prioritize Security Administration System Requirements
- [Completed] Review Requirements and Security Administration Business Practices for Functionality Fits and Productivity/Audit Gaps
- [In Progress] Detail Gap Analysis and Vet/Document Solution Approaches
- [Coming Up] Secure College Buy-Off on Solution Design(s)
- Secure Governance Approval to Address Solutions
- Commence Development of Work Packages
- Commence Testing of Work Packages
-
#0A - Off-Boarding
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
- Requirement SA-019: More automated off-boarding capabilities around roles/secondary security.
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
-
#0B - SACR Security Using LaunchPad
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
- Requirement SA-020: Ability to copy SACR/UPDS from one user to another or from a standard template based on position.
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
Solution Overview Presentation from Monthly Security Meeting:
-
#0C - User Preference Definition Using LaunchPad
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
- Requirement SA-020: Ability to copy SACR/UPDS from one user to another or from a standard template based on position.
-
Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
-
#1: Role Grouping Templates
-
Draft Solution Design Document Presented to CAG Group on 02/27/2024 - Under Review by CAG
- Requirement SA-024A: Ensure any role doesn't present an SOD issue.
- Requirement SA-024B: Role Groupings Do Not Allow for Grouping of Roles that Would Violate SOD.
- Requirement SA-018: Ability to assign roles by role groupings/positions.
- See 02/27/2024 CAG Meeting Minutes for Discussion
-
Draft Solution Design Document Presented to CAG Group on 02/27/2024 - Under Review by CAG
Draft Solution Design Document for SD #1 Role Grouping Templates:
-
Feedback and Decision Timeline for Work Package #1
- 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
- 4/16/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
- 4/19/2024: Feedback Update in SD document and republished
-
4/22/2024 to 4/26/2024: College Sign-Off Period
- Link (open during period outlined above): Sign-Off Survey for Work Package #1
- (See sample of the survey questions in the pdf below for socializing on your campus)
- 4/26/2024: College Sign-Off Due by 5PM
-
#2: Security Reporting Dashboard
-
Draft Solution Design Document Presented to CAG Group on 03/12/2024 - Under Review by CAG
- Requirement SA-015: Better reporting capabilities for Secondary security; ability to compare users for SACR/UPDS
- Requirement SA-023: SOD Reporting between pillars
- Requirement SA-034: Add a LSAs Workcenter to build custom security groups for employees, where the SACR and UPD security setting that are assigned to an employee are visible on one page or Workcenter...which could include a query access paglet tab. Have a query description where you can select a query, then the roles are added to the user.(Dashboard reporting)
- Requirement SA-004: When an employee works at multiple colleges, system should provide capability to display role access granted by a specific college either through an Inquiry View or Report.
- Requirement SA-022: Tracking and Reporting of Approvals and Role Assignments, including SACR, UPD, Faculty Advisor Table, supplier, Procurement Card Permissions, Requester Setup, Tables (Query Record Access), AWE and employee management.
- Requirement SA-007: The ability to see an employee's portal (Oracle Integration Hub) roles.
- Requirement SA-016: A visual representation of security Permissions in PeopleSoft Navigations menus
- Requirement SA-017A: Ability to compare security access differences between users in a single environment.
- See 03/12/2024 CAG Meeting Minutes for discussion.
-
Draft Solution Design Document Presented to CAG Group on 03/12/2024 - Under Review by CAG
Draft Solution Design Document for SD #2 Security Reporting Dashboard:
-
Feedback and Decision Timeline for Work Package #2
- 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
- 4/16/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
- 4/19/2024: Feedback Update in SD document and republished
-
4/22/2024 to 4/26/2024: College Sign-Off Period
- Link (open during period outlined above): Sign-Off Survey for Work Package #2
- (See sample of the survey questions in the pdf below for socializing on your campus)
- 4/26/2024: College Sign-Off Due by 5PM
-
#3: Role Approval Workflow
-
Draft Solution Design Document - Security Team Documenting Design Ideas - Presented to CAG on 04/09/2024
- Requirement SA-001: Employee must have the ability to request a security role be added to their user profile.
- Requirement SA-002:Manager or role evaluator will be notified of a role request, with the power to edit the role request prior to approval.
- Requirement SA-012: Ability to input an ID of who approved the security role exceptions.
- Tangentially Relevant Requirement SA-042: Provide a means by which each college can designate that a role applies to the work at that BU.
-
Draft Solution Design Document - Security Team Documenting Design Ideas - Presented to CAG on 04/09/2024
Draft Solution Design Document for SD #3 - Role Approval Workflow:
-
Feedback and Decision Timeline for Work Package #3
- 5/09/2024: Review Solution Design at Monthly Security Administrator Meeting
- 5/14/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
- 5/17/2024: Feedback Update in SD document and republished
-
5/20/2024 to 4/24/2024: College Sign-Off Period
- Link (open during period outlined above): Sign-Off Survey for work Package #3
- (See sample of the survey questions in the pdf below for socializing on your campus)
- 5/24/2024: College Sign-Off Due by 5PM
-
#4: Data Masking for Cat 4 Data Security
-
Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
- Requirement SA-013: Protect Category 4 Sensitive Data.
-
Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
Draft Solution Design Document for SD #4 - Masking for Category 4 Data Security:
-
Feedback and Decision Timeline for Work Package #4
- 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
- 4/23/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
- 4/26/2024: Feedback Update in SD document and republished
-
4/29/2024 8AM to 5/3/2024 5PM: College Sign-Off Period
- Link (open during period outlined above): Sign-Off Survey for Work Package #4
- (See sample of the survey questions in the pdf below for socializing on your campus)
- 5/3/2024: College Sign-Off Due by 5PM
-
#5: Comparison Tool for User Profiles Across Environments
-
Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 04/23/2024
- Requirement SA-017B: Ability to compare security access differences between a user in two environments
-
Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 04/23/2024
-
#6: Okta Shell Roles for Third Party Access Notices
-
Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
- Requirement SA-043: A tracking mechanism with pop-up announcement that appears when offboarding an individual to also inform staff they need to offboard in LegacyTranscripts, LegacyLink (and any other third party applications we can incorporate).
-
Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
Draft Solution Design Document for SD #6 - Okta Shell Roles:
-
Feedback and Decision Timeline for Work Package #6
- 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
- 4/23/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
- 4/26/2024: Feedback Update in SD document and republished
-
4/29/2024 to 5/3/2024: College Sign-Off Period
- Link (open during period outlined above): Sign-Off Survey for Work Package #6
- (See sample of the survey questions in the pdf below for socializing on your campus)
- 5/3/2024: College Sign-Off Due by 5PM
-
#7: College identification of desired role assignment.
- Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 05/14/2024
-
#8: KT on Query of Portal Roles
- Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 04/23/2024
-
#9: Auto-assign Route Control BU
- Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/11/2024
-
#10: Dynamic Assignment of SACR Insitution Security for active Inst/Adv table entries.
- Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/11/2024
-
#11: Name Change Dynamic Sync across all pillars and Okta (AD)
- Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/25/2024
-
#12: SOD Warning Pop-Up on Role Assignment
- Draft Solution Design Document Not Started - Target TBD
This phase includes the following:
- Develop, Train and Implement Phase 1 Approved Security Administration Productivity Improvements.
- Determine need for future release phases based on results of Phase 1 and Phase 2 work.
SASI Project Re-Brand - Effective Tuesday October 10, 2023
Sentinel Implementation Project Re-Brand to Security Administration System Improvement (SASI) Project
To prepare for the planned implementation of the Sentinel security administration software product SBCTC engaged in talks with the software vendor to ensure we fully understood the cost projections for annual Sentinel product licensing. In addition, the project leadership team worked with the vendor to address base product incompatibilities with our multi-campus, single-instance implementation of PeopleSoft and the need to lock down the application features to individual business units.
Unfortunately, the vendor cost model, even with offered discounts, posed a significant and exponential increase in the annual licensing cost. Those costs, coupled with additional costs for ensuring the product could support a multi-business unit security model, are prohibitive to the system moving forward with implementing the Sentinel product.
Security Project Re-Brand
Given that we are unable to proceed with the implementation of Sentinel, it was deemed appropriate to re-brand this project effort. Rather than focusing on remediating a purchased software product, we believe it appropriate to shift our focus to the improvements our system and Local Security Administrators (LSAs) truly need.
To that end, we are re-branding the effort to now be referred to as the Security Administration System Improvement project. This project information guide was revised to align with these changes.
Next Steps
With the project shift in focus, we plan to place our first emphasis on documenting and articulating our functional, technical, and auditor requirements. This foundational work is already underway with the College Advisory Group and is targeted for completion by the end of the month.
The joint work of this group and the SBCTC security team, combined with our internal effort to document our security business practices, will lend itself to a fit/gap analysis on sustainable business practices to determine which functional gaps to address. We plan to begin the fit/gap effort in November.
We also have closed the governance loop on the Off-Boarding Process for security and are developing the work breakdown structure to commence development of that needed improvement, which should significantly improve the auditor compliance concerns colleges have and the productivity impacts currently being experienced by our LSAs.
Questions on this project direction change? Please contact:
- Shelia Sloan - Associate Director - Security Team - [email protected]
- Grant Rodeheaver - Deputy Executive Director - IT Division - [email protected]
Archived Project Background Information -
Effective October 10, 2023 - SBCTC Determined that Sentinel Product License will not be reviewed.
In March 2020 the Washington State Board for Community and Technical Colleges (State Board) purchased the initial license from Sentinel. Sentinel’s low-cost, robust solution made it a unique value to our system. The State Board covered the annual renewal of the license while the ctcLink Project implementation phase was completed over the next few years.
The product was installed in a test instance for internal team exploration until all colleges were deployed (May 2022) and deemed sufficiently stable on ctcLink in the area of Security Administration.
The Project Management Office, in coordination with the Application Services Security Support Team, is preparing now to begin to explore the implementation of the Sentinel product in the most effective approach to meet the needs of colleges in our federated system. The initial planning, discovery, and design phase is anticipated to take approximately four (4) months, with feature roll-out to occur in phases over the following 12 months.
The Sentinel security software, once adopted officially by the Washington state community and technical colleges ctcLink system users, will be a combination of SBCTC Central Security Support Team functionality and college Local Security Administrators (LSAs) functionality for those managing security at our colleges.
Below are links to general-use videos made available by the vendor, Sentinel on their YouTube channel. Video content is organized by (a.) those which could apply to college users, depending on our configuration decisions, and (b.) those applicable to the Central Security Support Team. The inclusion of central security-relevant content helps colleges differentiate between areas available for their use and those which we believe will be centrally managed.
The videos below provide a simple overview of the Sentinel Product showing features that may be available for college LSAs, managers/supervisors, and possibly general employees; dependent upon the decisions made for how broadly the product will be used by our colleges.
Please review these short video highlights to gain a better understanding of what the product can do for our college system.
During the planning phase, product overview demonstrations will be presented, and recorded sessions made available, to provide greater insight as decisions are made on our adoption of Sentinel software.
Keep in mind the decisions made during Phase 1: Discovery, Planning and Design will greatly influence how these features will behave once Sentinel is implemented.
Video: Sentinel Security Workflows
The Application Support Security Team will manage Sentinel product configuration for colleges in our system.
Feel free to watch the following videos provided on the Sentinel Software (@sentinelsoftware) YouTube channel for a better perspective of what that means. These videos give a very high-level overview of the central security management tiles within the product that the Security Team will use to manage the product for our system.
Keep in mind the decisions made during Phase 1: Discovery, Planning, and Design will influence how this team will set up and maintain those settings.
Video: Sentinel Software Settings Overview
Video: Connecting Sentinel Software to Environments
Video: Managing Permissions Lists in Sentinel
Video: Database Environment Access Management
Video: Sensitive Data Access (for auditing purposes)
Video: Global Management of Fluid Security*
Video: SAML 2.0 - Single Sign-On Setup
*Video content that the vendor may alter to meet our federated model - currently considered central access only.
0 Comments
Add your comment