Introduction
The purpose of these guidelines is to
- detail the policy and principles that govern the use of security in iTrent, including the creation and maintenance of user accounts and surrounding user access, user data management,
- ensure that all security information held in iTrent is accurate and that the security controls are structured so that the University’s obligations and responsibilities with regard to general data protection and information security are met.
System Information
iTrent is the cloud-based human resource and payroll management system that the University has selected to hold shared and centralised information on its staff.
System Security Users
Access to iTrent is granted to individuals on the basis of roles with specific function access.
The two main two categories:
| Security Access | Description | Assignee |
|---|
|
Employee Self-Service Access
|
Employee Self Service, accessible by all who are PAYE staff, to request transactions such as annual leave, view payslips
|
All PAYE staff
|
|
Manager Self-Service Security Access
|
Available to all specific managers of staff, as opposed to resources, to access staff details and all staff related tasks e.g. ability to add/authorise amend leave etc.
|
All People Managers
|
In addition, there are specific functions that have been assigned to University staff engaged in specific transactional process to maintain and support the system.
| Security Access | Description | Role |
|---|
|
Payroll Cleardown
|
This profile contains the function of clearing down the payroll at the end of each month This function has been removed from all other payroll profiles
|
The Payroll Manager
A Payroll Administrator
|
|
Payroll Administration
|
Day to day activities for payroll, including the ability to run and process the payroll.
|
Payroll Administrators
|
|
Payroll Manager
|
Day to day activities as above plus the ability to set up new pension schemes, elements, payroll configuration etc. as required.
|
Payroll Manager
|
|
HR Administration
|
Day to day activities for the HR team across the full employee lifecycle and all HR modules covering recruit-to-exit processes.
|
HR Professionals
|
|
HR Information & Systems
|
Additional activities to HR Administration concerning user access, conditioning HR values, workflow and maintenance of the HR environments, with access to reporting in iTrent
|
HR Information & Systems Officer
Head of HR Services
|
|
News Configuration
|
The role enables the allocated users to change parts of ESS, like adding news for the organisation.
|
HR Information & Systems Officer
Head of HR Services
|
|
Finance/JREO
|
Restricted read only view for day to day work. Change access for costings
|
Finance staff that require access (Finance Managers, AR, Agresso) and JREO (Research Grants)
|
|
Institute Access
IMBE/I&I/MCS/PHRI
|
Allocated to areas who have a responsibility for full staff within their area. Profile restricted to their Institute and read only access to certain parts of the system
|
RIMS
Senior Management
|
|
System Administrator
|
St George’s is hosted by MHR and system administrator will provide super user support to all users and modules in iTrent and for the number of interfaces that depend on iTrent data, applying controls and updates across the TEST, TRAIN and LIVE environments, running security and audit.
|
Head of HR Services
Payroll Manager
|
Single Sign-On
As part of our specification of requirement, access to iTrent will be configured to allow user access to iTrent without seeing the traditional logon form containing the user name and password fields. The above list of roles and additional security information are presented to the user for completion, if they were part of the users’ normal login process. The network team in IT Services are responsible for exploring the automated creation and maintenance of iTrent user accounts in conjunction with the HR team.
Permission for additional security access
If a user or department identifies the need for additional security access or amendments, a request should be made via email to the HR team via hrsystems using the New User/Amendment Form (Excel). Should the additional access be deemed acceptable and authorised, the change will be made to the account and confirmed to the user with an update to the user’s access permissions by the HR team. If the request is denied for any reason the HR team will write to the user to explain the decision.
Leavers and Dormancy
When leavers’ IT accounts are closed, this is expected to automatically remove iTrent access for users. The network team will remove leavers’ names from the list of authorised iTrent users. Twice a year the HR Information Officer will data cleanse and disable any self-service user accounts no longer required.
Audit, Security and Misuse of the System
Audit is run daily as an automated function within iTrent to account for all actions in the system. If misuse or unacceptable use of the system is suspected or detected the system administrator may disable the user’s account, pending further investigation. In such an instance the user and their line manager will be informed of this along with an explanation. If appropriate, resumption of access may be considered after any investigation has concluded. Misuse of the system may be dealt with in line with the University’s regulations governing the use of computing facilities. On a monthly basis the Payroll and HR super users will conduct audits and log.
Data Access Requests
Any data access requests will be completed by HR as requested by the Data Protection Officer.