Security Administration System Improvement [SASI] Project Information Guide

Purpose: The information in this guide is intended to aggregate information associated with the various improvement efforts underway to resolve gaps in the requirements set that address college needs associated with more effective ctcLink Security Administration tools.

Background: This project has gone through a Requirement Definition phase, where College Advisory Group members identified the requirements needed for an effective way to manage ctcLink security and identified gaps where those requirements were not successfully met. The project is underway in Solution Design phase, grouping those requirements with gaps and finding effective solutions. Requirement gaps were grouped into Solution Design "Work Packages" (labeled #0 through #12). Work Package #0 was an improvement package already in development that met specific requirement gaps identified during the Requirement Definition phase. Work Packages #1-6 are in planning and development, with the exception of Work Page #3, which is still in design discussions.

The guide provides:

  • High-level guide - Next steps to keep us moving through each project phase.
  • Solution Design Work Package Details (with meeting information, recordings, handouts)
  • How college Subject Matter Experts (SMEs) can get involved and stay informed on project progress.
  • Background information project historical content.

Audience: College Subject Matter Experts (SME) interested in ctcLink Security Administration and Security Audit Reporting

Updates:

  • Colleges met to share template samples at the Cohort Session 2 for Role Grouping Templates on Tuesday, November 12th. Recording link and meeting materials are now available.
  • Info Guide Redesign - Move Solution Design Work Package Information to its own heading for easier access. Added background information to purpose section above.
High-Level Project Phases
Phase 1:  Discovery, Planning and Design Work Packages

This phase will set the stage for all remaining project phases. In this phase the following will take place:

  • [Completed] Establishment of a College Advisory Group
  • [Completed] Define and Prioritize Security Administration System Requirements
  • [Completed] Review Requirements and Security Administration Business Practices for Functionality Fits and Productivity/Audit Gaps
  • [Completed] Detail Gap Analysis and Vet/Document Solution Approaches
  • [In Progress] Secure College Buy-Off on Solution Design(s)
  • [In Progress] Secure Governance Approval to Address Solutions
Phase 2: Security Administration Productivity Improvements

This phase includes the following:

  • [Started] Develop, Train and Implement Phase 1 Approved Security Administration Productivity Improvements.
    • Commence Development of Work Packages [Started #0 and #2]
    • Commence Testing of Work Packages [Started Internal Testing #0]
    • Provide Training Materials
    • Implement Work Packages
  • [Not Started] Determine need for future release phases based on results of Phase 1 and Phase 2 work.
Solution Design Work Package List  [Updated! 12/12/2024 [Cohort Session 3 Information]
#0A - Off-Boarding [In Testing, see ticket 140891]
  • Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
    • Requirement SA-019: More automated off-boarding capabilities around roles/secondary security.
#0B - SACR Security Using LaunchPad [COMPLETED- CS Launchpad updates moved to Production 3/21/24]
  • #0B - SACR Security Using LaunchPad [COMPLETED- CS Launchpad updates moved to Production 3/21/24]
    • Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
      • Requirement SA-020: Ability to copy SACR/UPDS from one user to another or from a standard template based on position.

Solution Overview Presentation from Monthly Security Meeting:

#0C - User Preference Definition Using LaunchPad [COMPLETED- FS User Preferences Launchpad updates moved to Production 12/26/23]
  • Effort in progress that pre-dates the SASI Project, but addresses requirements outlined during the SASI Requirements Validation phase.
    • Requirement SA-020: Ability to copy SACR/UPDS from one user to another or from a standard template based on position.
#1: Role Grouping Templates (Cohort Session 3 on Monday 1/13/25 Meeting Information Below)

This work package is now in the Organizational Change Management (OCM) and Test Planning stage. To support this work a number of sessions have been scheduled to provide colleges an opportunity to meet with colleagues, share information and receive overviews of OCM related materials made available by the SBCTC Security and Project Management Office Teams. These sessions are referred to as "Cohort" sessions and two have been held with an additional session planned for the future to ensure colleges are supported in this work and leaning on each other to make it easier to get started.

OCM: Cohort Session 1 Materials

Role Grouping Template Cohort Session 1 Meeting Information from Monday, October 21, 2024 1-2:30PM below:

MEETING INFORMATION BELOW:

Purpose: Gather members of the LSA Community and others involved in preparing the college for building and testing Role Grouping Templates to:

  • Review the solution design
  • Discuss the Organizational Change Management Tools developed to help colleges get started on this work
  • Participate in Breakout Sessions to “collaborate & listen” about each college’s approach
  • “Share” the Great Ideas that rose to the top in your breakout discussions
  • Move into Cohort Breakout Sessions with “like” colleges to discuss how to leverage the tools and build your resource team
  • Plan our way forward.

Participants in this meeting received access to a Shared Drive of materials that colleges can “contribute to” and “source from” so no college need start from scratch.

This meeting was recorded (main room discussions) for those who were not able to attend.

Colleges in each cohort can decide to meet amongst themselves before the follow-up planned for November.

MEETING RECORDING BELOW:

https://sbctc.webex.com/webappng/sites/sbctc/recording/526e505a780f407e96953a0bb56c7c0f/playback

OCM Materials Displayed During the Session:

Quick Start Guide for Role Grouping Templates:

1-Pager for Role Grouping Templates:

Sample Email Outreach Content Block:

Overview of Role Grouping Templates .Pdf Version Presentation Deck (full deck on Google Shared Drive):

OCM: Cohort Session 2 Materials

MEETING INFORMATION BELOW:

Recording Link from Main Session Room: https://sbctc.webex.com/recordingservice/sites/sbctc/recording/fc2d81f1cfa04ddc890caece8e8a1937/playback

This session focused on seeing templates builds in progress from other colleges and seeing the template shells provided by SBCTC for planning the builds of your Role Grouping Templates and preparing scenarios for User Acceptance Testing using a provided template shell.

The above templates and those provided by your colleagues during the presentation are also on the Google Share Drive (link below). Other colleges are also uploading samples of there work for others to leverage.

Link to Google Shared Drive: https://drive.google.com/drive/folders/1_LfiKcrYICQoZsjzfaa-VhcDBgy3-BmK

Need help with gaining access? Send an email to [email protected] for assistance, or follow the link and click the button request access.

OCM: Cohort Session 3 Meeting Information: Monday, January 13, 2025 1:30 -3:00PM

We’re excited to invite you to our third session to discuss the Security Administration System Improvement (SASI) Project  Role Grouping Templates!

Purpose: Gather members of the LSA Community and others involved in preparing the college for building and testing Role Grouping Templates:

  • Live Demonstration of Tips and Tricks for Gathering Data to Populate Template Shell
  • Live Demonstration of Additional Steps for Secondary Security
  • Open Discussion
    • How does the live demo differ from your current approach?
    • How do you envision you might adjust your approach?
  • Next Steps

This meeting will be recorded for those who are not able to attend.

MEETING INFORMATION BELOW:

Meeting Link

Meeting number (access code): 2661 310 5806

Meeting password: SASIfun

Tap to join from a mobile device (attendees only) +1-415-655-0002,,26613105806## US Toll

Join by phone +1-415-655-0002 US Toll  

Background on Solution Design for Role Grouping Templates

  • Draft Solution Design Document Presented to CAG Group on 02/27/2024 - Under Review by CAG
    • Requirement SA-024A: Ensure any role doesn't present an SOD issue.
    • Requirement SA-024B: Role Groupings Do Not Allow for Grouping of Roles that Would Violate SOD.
    • Requirement SA-018: Ability to assign roles by role groupings/positions.
    • See 02/27/2024 CAG Meeting Minutes for Discussion

Draft Test Plan for Review by CAG and PLT members- To be discussed at 10/8/24 CAG meeting:

Draft Solution Design Document for SD #1 Role Grouping Templates:

  • Feedback and Decision Timeline for Work Package #1
    • 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
    • 4/16/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
    • 4/19/2024: Feedback Update in SD document and republished
    • 4/22/2024 to 4/26/2024: College Sign-Off Period
    • 4/26/2024: College Sign-Off Was Completed by 5PM
#2: Security Reporting Dashboard
  • Draft Solution Design Document Presented to CAG Group on 03/12/2024 - Under Review by CAG
    • Requirement SA-015: Better reporting capabilities for Secondary security;  ability to compare users for SACR/UPDS
    • Requirement SA-023: SOD Reporting between pillars
    • Requirement SA-034: Add a LSAs Workcenter to build custom security groups for employees, where the SACR and UPD security setting that are assigned to an employee are visible on one page or Workcenter...which could include a query access paglet tab. Have a query description where you can select a query, then the roles are added to the user.(Dashboard reporting)
    • Requirement SA-004: When an employee works at multiple colleges, system should provide capability to display role access granted by a specific college either through an Inquiry View or Report.
      • Note: This requirement cannot be addressed until Work Package #3 - Role Approval Workflow has been released into Production as the relevant data points will not be available in the system until this has been deployed.
    • Requirement SA-022: Tracking and Reporting of Approvals and Role Assignments, including SACR, UPD, Faculty Advisor Table, supplier, Procurement Card Permissions, Requester Setup, Tables (Query Record Access), AWE and employee management.
      • Note: This requirement cannot be addressed until Work Package #3 - Role Approval Workflow has been released into Production as the relevant data points will not be available in the system until this has been deployed.
    • Requirement SA-007: The ability to see an employee's portal (Oracle Integration Hub) roles.
    • Requirement SA-016: A visual representation of security Permissions in PeopleSoft Navigations menus
    • Requirement SA-017A: Ability to compare security access differences between users in a single environment.
    • See 03/12/2024 CAG Meeting Minutes for discussion.

Solution Design Document for SD #2 Security Reporting Dashboard:

  • Feedback and Decision Timeline for Work Package #2
    • 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
    • 4/16/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
    • 4/19/2024: Feedback Update in SD document and republished
    • 4/22/2024 to 4/26/2024: College Sign-Off Period
    • 4/26/2024: College Sign-Off Due by 5PM
#3: Role Approval Workflow
  • Draft Solution Design Document - Security Team Documenting Design Ideas - Presented to CAG on 04/09/2024
    • Requirement SA-001: Employee must have the ability to request a security role be added to their user profile.
    • Requirement SA-002:Manager or role evaluator will be notified of a role request, with the power to edit the role request prior to approval.
    • Requirement SA-012: Ability to input an ID of who approved the security role exceptions.
    • Requirement SA-026:  Role Access Requirement Warnings (e.g. Requisition Process). Upon role assignment, generate a warning message that alerts LSA to requirement secondary security needs. ​
    • Requirement SA-030A:  Upon role Request submission, prompt either requestor or reviewer to with SACR Security Page requirements.
    • Requirement SA-030B:  Optimally, prompt for requested values for approval.   ​
    • Requirement SA-031:  Upon role request submission, where Institution Default values exist, provide a means for auto-populating in the request the standard default values for that requestor's institution, to be picked up on the approval workflow and automated assignment.​
    • Requirement SA-032:  Upon role Request submission, prompt either requestor or reviewer to with User Preference Definition Security Page requirements. Optimally, prompt for requested values for approval.   Though User Preferences has so many options/areas to check a box, and many of them we don’t know what they do (not really documented).  So not sure how this warning would work.  Probably would work better for CS roles requiring SACR. ​
    • Requirement SA-041:  Employee, Employee's Manager or Pillar Lead should all be able to initiate a role/role group request. ​
    • Tangentially Relevant Requirement SA-042: Provide a means by which each college can designate that a role applies to the work at that BU

Draft Solution Design Document for SD #3 - Role Approval Workflow:

  • Feedback and Decision Timeline for Work Package #3
    • 5/09/2024: Review Solution Design at Monthly Security Administrator Meeting
    • 5/14/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
    • 5/24/2024: Feedback Update in SD document and republished
    • POSTPONED: College Sign-Off Period
      • Link (open during period outlined above): Placed on hold while we incorporate user feedback.
        • (See sample of the survey questions in the pdf below for socializing on your campus)
    • ON HOLD: College Sign-Off Due by (TBD)
      • The SBCTC Security Team received a good amount of feedback, some of which revealed major differences in the base business practices and protocols for User Access Request processes across the colleges. With the number of ideas proposed during the feedback loop and the number of business practice differences the team felt it would be best to review the underlying requirements and functions of the solution with the Security Administration System Improvement (SASI) College Advisory Group (CAG) to determine if college provided updates to the solution should be included.
      • Due to this extra effort, the team has decided to pause on the sign-off of the existing Solution Design for Wk Pkg #3. Once the SASI CAG members have provided their input on the solution design review, the updated Solution Design document will be posted to the ctcLink Reference Center and a new survey sign-off period will be established.

Role Approval Workflow Design Discussion Meeting (SASI Work Pkg #3)

On Friday, September 6, 2024 9:00 a.m. to 12:00 p.m., a 3 hour meeting was held to review mock up of the current design under consideration and invite discussion from the college community in two break out sessions. During those two break outs the following questions were to be addressed by participants:

Breakout 1:

  • What did you see that you liked?
  • What did you see that you would have a challenge adopting?

Breakout 2:

  • What ‘Bright Ideas’ Do You Have?
  • How Can This Idea Overcome  Adoption Challenges?

Below are materials presented during the meeting and a written summary of the share out comments, organized by questions posed in each breakout session.

A follow-up meeting will be scheduled in October to review design modifications that the Security Team are able to incorporate based on community feedback. Be on the look out for a doodle poll on available dates for the next conversation in the coming weeks.

Meeting Slide Deck:

Meeting Discussion Share Out Summary:

#4: Data Masking for Cat 3 & 4 Data Security
  • Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
    • Requirement SA-013: Protect Category 4 Sensitive Data.

Draft Solution Design Document for SD #4 - Masking for Category 3 & 4 Data Security:

  • Feedback and Decision Timeline for Work Package #4
    • 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
    • 4/23/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
    • 4/26/2024: Feedback Update in SD document and republished
    • 4/29/2024 8AM to 5/3/2024 5PM: College Sign-Off Period
    • 5/3/2024: College Sign-Off Due by 5PM
#5: Comparison Tool for User Profiles Across Environments
  • Draft Solution Design Document Not Started - Security Team will hold feasibility discussion with College Advisory Group on May 14, 2024 meeting.
    • Requirement SA-017B: Ability to compare security access differences between a user in two environments
#6: Okta Shell Roles for Third Party Access Notices
  • Draft Solution Design Document - Security Team Documented Design Ideas - Targeted to Present to CAG on 03/26/2024
    • Requirement SA-043: A tracking mechanism with pop-up announcement that appears when offboarding an individual to also inform staff they need to offboard in LegacyTranscripts, LegacyLink (and any other third party applications we can incorporate).

Draft Solution Design Document for SD #6 - Okta Shell Roles:

  • Feedback and Decision Timeline for Work Package #6
    • 4/11/2024: Review Solution Design at Monthly Security Administrator Meeting
    • 4/23/2024: Feedback DUE from LSA Community to Incorporate into Solution Design document
    • 4/26/2024: Feedback Update in SD document and republished
    • 4/29/2024 to 5/3/2024: College Sign-Off Period
    • 5/3/2024: College Sign-Off Due by 5PM

Merged Work Packages

The following requirement gap resolutions were merged into other solution design work packages.

Merged into WP #3 - #7: College Identification of Desired Role Assignment
  • Discussion at January 23, 2024 CAG meeting was to have either a separate Work Package or include in Work Package #3. Decision by Security Team was to have the following requirements included in Work Package #3 - Role Approval Workflow.
    • Requirement SA-009: Warning messages of when certain roles have to be paired together. For example, you need ZD_DS_QUERY_VIEWER if you want an employee to have the ability to run any other query (aka Companion Role Identifier)
    • Requirement SA-026: Role Access Requirement Warnings (e.g. Requisition Process). Upon role assignment, generate a warning message that alerts LSA to requirement secondary security needs.
    • Requirement SA-042: Provide a means by which each college can designate that a role applies to the work at that BU.
Merged into WP #2 - #8: KT on Query of Portal Roles
  • Solution Design Document - See Work Package #2
  • Requirement SA-007: The ability to see an employee's portal (Oracle Integration Hub) roles.
    • This effort necessary to address this requirement was included in Work Package #2 - Security Reporting Dashboard, therefore no additional effort is needed for Work Package #8.

Post-Poned Work Packages

The following requirement gap resolutions were placed on hold until colleges can absorb the improvements in work packaged #0 through #6.

#9: Auto-assign Route Control BU
  • Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/11/2024
#10: Dynamic Assignment of SACR Institution Security for Active Inst/Adv Table Entries
  • Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/11/2024
#11: Name Change Dynamic Sync Across All Pillars and Okta (AD)
  • Draft Solution Design Document Not Started - Security Team will Document Design Ideas - Targeted to Present to CAG on 06/25/2024
#12: SOD Warning Pop-Up on Role Assignment
  • Draft Solution Design Document Not Started - Target TBD
Solution Design Review and Sign-Off

During Phase 1: Discovery, Planning and Design the team will document the solution design for implementing each aspect of the product.  

The Solution Design Documents (SDD) are intended to be plain language overviews of the challenge being addressed and what will be done from a functional and simplified technical design perspective to solve the problem with the implementation of any security administration system improvement efforts. 

These SDDs will be posted to this SASI Project Information Guide as they are completed. 

A sign-off survey will be distributed to ensure all colleges have the opportunity to review and sign off on the design before moving into the next project phase(s). While each college district will have only one vote, all college SMEs will have the ability to review the SDDs for a better understanding of how this product will be implemented.

  • Work Package #1 - Role Grouping Template - SD Approved, ER Approved
  • Work Package #2 - Security Reporting Dashboard - SD Approved, ER Approved
  • Work Package #3 - Role Approval Workflow - SD On Hold
  • Work Package #4 - Category 4 Data Masking - SD Approved, ER In Progress
  • Work Package #5 - Comparison Tool for User Profiles Across Environments - Not Executed (See  5/14 SASI CAG Meeting Minutes or listen to 00:01 to 00:14 min of Recording)
  • Work Package #6 - Okta Shell Roles for Third Party Access Notices - SD Approved, ER In Progress
  • Work Package #7 - College Identification of Desired Role Assignment - Not Executed as it was merged with Work Package #3 (See 5/14 SASI CAG Meeting Minutes or listen to 00:17 to 00:18 min of Recording)
  • Work Package #8 - KT on Query of Portal Roles - Not Executed as it was merged with Work Package #2 (See 5/14 SASI CAG Meeting Minutes or listen to 00:18 to 00:19 min of Recording)

The below 4 Work Packages are on hold as we focus on #1, #2, #4 and #6. This is briefly discussed in 5/14 CAG Meeting (00:31 to 00:33 min of Recording)

  • Work Package #9 - Auto-assign Route Control BU - On Hold
  • Work Package #10 - Dynamic Assignment of SACR Institution Security for Active Inst/Adv Table Entries - On Hold
  • Work Package #11 - Name Change Dynamic Sync Across All Pillars and Okta (AD) On Hold
  • Work Package #12 - SOD Warning Pop-Up on Role Assignment On Hold
College Involvement (Advisory Group Meeting Minutes) - Updated! 12/12/2024

There are many ways college staff can stay apprised of Security Administration System Improvement (SASI) Project activities or can get involved.  Below are key communication channels with college engagement possibilities:

SASI College Advisory Group (+ Meeting Minutes)

The SASI College Advisory Group works with the SASI Project Leadership Team to provide immediate feedback on business practices, design options, and current security management challenges.  The group meets regularly on the 2nd and 4th Tuesdays, from 2 to 3 p.m. 

Group responsibilities include:

  • Participate in Semi-Monthly (Tuesday afternoon) to give feedback on project activities or questions
  • Be available for Ad-Hoc Feedback Loops (as needed) on College Business Practices
  • Participate in Requirement Clarification Sessions 
  • Provide Early Feedback on Solution Design Materials
  • Participate in Solution Design Feedback Sessions as Change Champions and Thought Leaders
  • Respond to Surveys for Solution Design Decisions
  • Provide Input on Testing, Organizational Change Management and Training Plans
  • Participate in early College Engagement Testing and User Acceptance Testing
SASI College Advisory Group Meeting Minutes
December 10, 2024
  • Work Package #1​
    • Update on RGT OCM Action Items​
      • Template Shell Build Sample Video​
      • Role Grouping Template Spreadsheets to be posted​
  • Discuss RGT Cohort Session 3 Date, Agenda & Duration ​
    • Doodle Poll Deadline was Monday, December 9th EOB​
  • Work Package #0 – Review DRAFT- Quick Start Guide ​
  • Next Steps

Meeting Recording: Link 

Slide Deck and Meeting Minutes: 

November 26, 2024
  • Work Package #1​
    • Review Planning for RGT Template Shell Build Sample Video​
    • Discuss Cohort Session 3 Scheduling​
      • Review next session agenda for value​
  • Work Package #0
  • Next Steps 

Meeting Recording: Link 

Slide Deck and Meeting Minutes: 

October 8, 2024
  • New Member Introduction
  • Work Package #1
    • Test Plan Feedback
    • Review OCM Material Status
    • Discuss Cohort Sessions Scheduling
      • Best ways to organize these for greatest value…​
  • Review Work Package #3 ​
    • Processing Feedback and Incorporating Design Updates
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

September 24, 2024 - Canceled
September 10, 2024
  • New Member Introduction​
  • Feedback on 9/6 Work Package #3 Design Discussion
  • Work Package #1
    • Test Plan Feedback
    • Cohort Sessions- Best ways to organize these for greatest value
  • Next Steps

Meeting Recording: Link

Meeting Slide Deck and Minutes:

August 27, 2024
  • CAG Nominations and Voting
  • Test Plan Document Review
  • Cohort Survey Responses
  • Next Steps

Meeting Recording: Link

Meeting Minutes:

August 13, 2024
  • Feedback, Open Q & A on WVC Demo​
  • CAG Membership Change​
  • Work Package #1 OCM Activities​
    • LSA Survey – grouping colleges by similar characteristics to go through the process of implementing Role Grouping Templates together​
  • Work Package #6 Discussion
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

July 23, 2024
  • Discuss WVC Demo Recording
  • Discuss OCM/Test Prep
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

July 9, 2024
  • Continue Review of Work Package #3 Feedback (LSA Community)
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

June 28, 2024 - Canceled
June 11, 2024
  • Review Work Package #3  
    • Follow-Up on the Business Process and Requirements
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

May 28, 2024
  • Discuss Work Package #5 – Different Approach​
  • Review Work Package #3 – Let’s Get back to the Business Process of it all.​
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

May 14, 2024
  • Discuss Work Package #5 Feasibility
  • Review Work Package #3 Timelines
  • Discuss Work Package #7 Requirements Addressed in Work Package #3.
  • Discuss Work Package #8 Requirements Addressed in Work Package #2.
  • Discuss Feedback on Work Package #4
  • Remaining Work Packages (#9 through #12)
  • Next Steps

Meeting Recording: Link

Slide Deck and Meeting Minutes:

April 23, 2024
  • Discuss sign off on WP #1 and #2
  • UAT Preparation
  • Reminder to get feedback on WP #4 and #6
  • Feedback on WP #3
  • Next Meetings

Meeting Recording: Link

Meeting Minutes:

April 9, 2024
  • Initial Solution Design Document Review
    • Work Package #3  Role Approval Workflow
  • Review of Decision Timeline and Process for Solution Design Work
    • Sign-Off
    • Surveys Posted

Meeting Recording: Link

March 26, 2024
  • Initial Solution Design Document Review
    • Work Package #4 – Data Masking for Cat 4 Data Security
    • Work Package #6 – Okta Shell Roles for Third Party Access Notices
  • Timelines for Solution Design
    • Work Package Review
    • Sign-Off
  • College Advisory Group Membership

Meeting Recording: Link

Slide Deck and Meeting Minutes:

March 12, 2024
  • Initial Solution Design Document Review
    • Work Package #2 Reporting Dashboard
  • Confirm Completion of Business Process Step Lists: SASI Requirements Google Doc:
    • Off-Boarding
    • Transfer to New Job at Same College
  • Discuss Work Package #1 Readiness
  • Next Steps - Member List (N/A min)

Meeting Recording: Link

Meeting Minutes:

February 27, 2024
  • Initial Solution Design Document Review
    • Work Package #1  Role Grouping Template
  • Complete Review Business Process Step Lists: SASI Requirements Google Doc:
    • Off-Boarding
    • Transfer to New Job at Same College
  • Next Steps - Timelines for Business Process Review & Solution Design Work

Meeting Recording: Link

Slide Deck and Meeting Minutes:

February 13, 2024
  • Clarification on Requirement
  • Final Review Business Process Step Lists: SASI Requirements Google Doc:
    • Off-Boarding
    • Transfer to New Job at Same College
  • Timelines for BPR & Solution Design Work
  • Next Steps

Meeting Recording: Link

Meeting Minutes:

January 23, 2024
  • Clarification on Requirement
  • Review Business Process Step Lists: SASI Requirements Google Doc:
    • Off-Boarding
    • Transfer to New Job at Same College
  • Timelines for BPR & Solution Design Work
  • Next Steps

Meeting Recording: Link

Meeting Minutes:

January 9, 2024

Meeting Topics:

  • Review Entries Added to Business Process Steps
    • Discuss additional requirements added
    • Discuss content added to Details of Concern column
  • Next Steps

Meeting Recording: Link

Meeting Minutes:

December 12, 2023

Meeting Topics:

  • Finalize requirements:​
    • Assess Gaps​
    • Develop Mitigations  ​
    • Solution Design Approaches ​
    • Business Process Review​
  • Close the Loop on Outstanding Requirements​
  • Review Business Process Step List​
  • How to Enter Feedback/Issues in List​
  • Timelines for BPR & Solution Design Work​

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

November 14, 2023

Meeting Topics:

  • Review Requirements
  • Brainstorm Solution Approaches
  • Determine Viability of Requirements ‘As Written’ or ‘Rewritten’
  • Next Steps

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

October 24, 2023

Meeting Topics:

  • Welcome  
  • Phase 1  
  • Requirements Discussion/Prioritization
  • Next Steps  

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

October 10, 2023

Meeting Topics:

  • Project Update & Discussion
  • Phase 1 Restructuring
  • Requirements Discussion/Prioritization
  • Next Steps

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

September 26, 2023

Meeting Topics:

  • Review Sentinel Module Functionality
  • Review/Update Discovery Points List
  • Review/Update Decision Points List

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

September 12, 2023

Meeting Topics:

  • Group Expectations and Goals
  • Review Sentinel Module Functionality
  • Review/Update Discovery Points Vendor Feedback
  • Next Steps

Meeting Recording: Link

PowerPoint Presentation and Meeting Minutes:

October 22, 2024
  • Work Package #1​
    • Debrief on Cohort Session Effectiveness​
    • Survey for Feedback?​
    • Large College Cohort Check-In​
    • Shared Drive Access Request Status & Folder Structure Feedback​
  • OCM Material Status​
  • Discuss Cohort Session 2 Scheduling​
    • Review next session agenda for value​
  • Next Steps

Meeting Recording: Link

Meeting Slide Deck and Minutes:

Membership List

The following college subject matter experts have been identified as members of the SASI College Advisory Group, through an official nomination and selection process completed on August 16, 2023.

Member Name Member Title Member Email
Drew Abercrombie WVC IT Department [email protected]
Stephanie Baker Business Systems Analyst [email protected]
Stephanie Beaulieu  IT Customer Support Services Supervisor [email protected].edu
Matt Connelly ctcLink Business Systems Analyst/Security IT Admin [email protected]
Kathy Disney Business System Analyst [email protected]
Kael Godwin IT Data Management [email protected]
David Hermansen
Information Technology Staff
[email protected]
Kaytlyn Hoch Application Services Director [email protected]
Jennifer Horrace IT Customer Support Journey [email protected]
Jeremy Kelley System Engineer [email protected]
Victor Lopez Business Systems Analyst / Local Security Administrator [email protected]
Carol McCarthy Finance Business Analyst | Information Technology [email protected]
Bradley Nuxoll Senior Application and Database Developer [email protected]
Nichole Seroshek ctcLink Project Manager/Business Process Analyst [email protected]
Hongyu Zhan ctcLink Business Analyst and Security Coordinator [email protected]
Advisory Group Member Connections with Councils/Commissions

Advisory group members who are also members of a specific council or commission may be called upon to provide insights into the activities of this group.  

Advisory group members will be provided periodic status update slide deck materials enabling them to share their work on this group.  

Councils and commissions seeking a project status update presentation from the Project Management Office can reach out to Tara Keen ([email protected]) to request an update at an upcoming council or commission meeting.

Monthly Security Administrator Meetings

The SBCTC-IT Application Services Security Team holds monthly Security Administrator meetings with Local Security Administrators, as well as interested Business Analysts and pillar leads, on the second Thursday of each month.  In this monthly forum, the Security Team will provide project updates, field questions and solicit feedback on current topics within the effort where the project team needs to hear from college experts. 

Any SASI Project update materials presented during these meetings will be posted to this Project Information Guide for easy reference and access.

Monthly Security Administrator Meeting Presentation Decks
College Collaboration Group

The College Collaboration Group meets the 2nd and 4th Wednesdays from 10 a.m. to noon and is an open forum for ctcLink Points of Contact, Business Analysts, and topic-specific SMEs to gather and discuss an array of topics that need to be shared and collaborated on in our system.

 While the topics change each meeting, regular SASI Project updates will be provided to this group to ensure broad input is gathered on topics related to the SASI Software implementation efforts. 

Background Information
SASI Project Re-Brand - Effective Tuesday October 10, 2023

Sentinel Implementation Project Re-Brand to Security Administration System Improvement  (SASI) Project

To prepare for the planned implementation of the Sentinel security administration software product SBCTC engaged in talks with the software vendor to ensure we fully understood the cost projections for annual Sentinel product licensing. In addition, the project leadership team worked with the vendor to address base product incompatibilities with our multi-campus, single-instance implementation of PeopleSoft and the need to lock down the application features to individual business units.

Unfortunately, the vendor cost model, even with offered discounts, posed a significant and exponential increase in the annual licensing cost. Those costs, coupled with additional costs for ensuring the product could support a multi-business unit security model, are prohibitive to the system moving forward with implementing the Sentinel product.​

Security Project Re-Brand

Given that we are unable to proceed with the implementation of Sentinel, it was deemed appropriate to re-brand this project effort. Rather than focusing on remediating a purchased software product, we believe it appropriate to shift our focus to the improvements our system and Local Security Administrators (LSAs) truly need.

To that end, we are re-branding the effort to now be referred to as the Security Administration System Improvement project. This project information guide was revised to align with these changes.

Next Steps

With the project shift in focus, we plan to place our first emphasis on documenting and articulating our functional, technical, and auditor requirements. This foundational work is already underway with the College Advisory Group and is targeted for completion by the end of the month.

The joint work of this group and the SBCTC security team, combined with our internal effort to document our security business practices, will lend itself to a fit/gap analysis on sustainable business practices to determine which functional gaps to address. We plan to begin the fit/gap effort in November.

We also have closed the governance loop on the Off-Boarding Process for security and are developing the work breakdown structure to commence development of that needed improvement, which should significantly improve the auditor compliance concerns colleges have and the productivity impacts currently being experienced by our LSAs.

Questions on this project direction change? Please contact:

 

 

SASI College Advisory Group Kick-Off Meeting  - 8/24/2023 - ** Completed **

The SASI (formerly Sentinel) College Advisory Group met on Thursday, August 24th to kick-off the work on their Sentinel Project work.

Presentation Information:

Meeting Recording: Recording Link

Meeting Minutes:

Presentation Slides:

SASI College Advisory Group Nomination Process - ** Completed **
  • Solicit SASI (formerly Sentinel) College Advisory Group nominations - (July 25 to August 7, 2023) - Done
  • SASI (formerly Sentinel)l Project Leader Team to select advisory group members from nominees and send notices to selected members by August 17 - Done
  • Publish Membership List - Done

 

Archived Information Related to Prior Project Activities

Archived Project Background Information -

Effective October 10, 2023 - SBCTC Determined that Sentinel Product License will not be reviewed.

In March 2020 the Washington State Board for Community and Technical Colleges (State Board) purchased the initial license from Sentinel.  Sentinel’s low-cost, robust solution made it a unique value to our system.  The State Board covered the annual renewal of the license while the ctcLink Project implementation phase was completed over the next few years.  

The product was installed in a test instance for internal team exploration until all colleges were deployed (May 2022) and deemed sufficiently stable on ctcLink in the area of Security Administration. 

The Project Management Office, in coordination with the Application Services Security Support Team, is preparing now to begin to explore the implementation of the Sentinel product in the most effective approach to meet the needs of colleges in our federated system. The initial planning, discovery, and design phase is anticipated to take approximately four (4) months, with feature roll-out to occur in phases over the following 12 months.

The Sentinel security software, once adopted officially by the Washington state community and technical colleges ctcLink system users, will be a combination of SBCTC Central Security Support Team functionality and college Local Security Administrators (LSAs) functionality for those managing security at our colleges.  

Below are links to general-use videos made available by the vendor, Sentinel on their YouTube channel.  Video content is organized by (a.) those which could apply to college users, depending on our configuration decisions, and (b.) those applicable to the Central Security Support Team. The inclusion of central security-relevant content helps colleges differentiate between areas available for their use and those which we believe will be centrally managed.  

Product Functionality for College Users

The videos below provide a simple overview of the Sentinel Product showing features that may be available for college LSAs, managers/supervisors, and possibly general employees; dependent upon the decisions made for how broadly the product will be used by our colleges. 

Please review these short video highlights to gain a better understanding of what the product can do for our college system. 

During the planning phase, product overview demonstrations will be presented, and recorded sessions made available, to provide greater insight as decisions are made on our adoption of Sentinel software.

Keep in mind the decisions made during Phase 1: Discovery, Planning and Design will greatly influence how these features will behave once Sentinel is implemented.

Video: Sentinel Security

Video: Sentinel Dashboard

Video: Sentinel User Hub

Video: Sentinel Security Workflows

Video: Custom Forms

Video: Security Audit Feature

Video: Sentinel Reporting

Video: Privileged Access Report

Video: History Data in Sentinel

Product Functionality for State Board Central Security Management

The Application Support Security Team will manage Sentinel product configuration for colleges in our system.  

Feel free to watch the following videos provided on the Sentinel Software (@sentinelsoftware) YouTube channel for a better perspective of what that means. These videos give a very high-level overview of the central security management tiles within the product that the Security Team will use to manage the product for our system.  

Keep in mind the decisions made during Phase 1: Discovery, Planning, and Design will influence how this team will set up and maintain those settings.

Video: Sentinel Software Settings Overview

Video: Connecting Sentinel Software to Environments

Video: Managing Permissions Lists in Sentinel

Video: Role Groups

Video: Database Environment Access Management

Video: Sensitive Data Access (for auditing purposes)

Video: Compare Reports*

Video: Central Security Logs

Video: Global Management of Fluid Security*

Video: Security Matrix*

Video: SAML 2.0 - Single Sign-On Setup

 

 

*Video content that the vendor may alter to meet our federated model - currently considered central access only.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.