Information maintained by the University of West Florida is one of our most valuable assets and is made available to all employees who have a legitimate need for it. While the University is the owner of all administrative data, individual divisions and colleges have stewardship responsibilities for portions of this data via the Workstation Manager program.

University Workstation Managers (WSMs) are valued ITS partners and provide a valuable service to the University by acting as data stewards and security administrators for a designated college or department. WSMs establish departmental control for access to sensitive administrative data in order to prevent unauthorized access or disclosure, and determine appropriate levels of protection for the information technology resources under their control.

WSMs establish a security record within the ITS Security Administration guidelines identifying the user's allowable transactions. The security level required for information technology systems will be determined based upon the criticality of the system and/or the confidentiality of the data processed.  

Users accessing data must observe requirements for confidentiality and privacy, must comply with protection and control procedures, and must in all cases accurately present the data in which they are entrusted. WSMs will require a signed statement from all users and their supervisors indicating their specific data access and establishing an acknowledgment of understanding of the level of access provided and their responsibility for the data they access.

SSN Security Access Request and Authorization Guidelines
In general, Workstation Managers and Security Administrators will be required to determine business need for access and initially approve requests by people who wish to enter and/or view SSN data in UWF information systems. There must be a valid business purpose for any user to have access to any SSN data.

Last 4 digits of SSNs
Workstation Managers and Security Administrators may process requests for security access that allows the requesters of that access the ability to view only the last 4 digits of SSNs. These types of requests include things like access to the CICS WFID screen at security level 0. Workstation managers are responsible to determine the business need for access to WFID screen. To assist with this, the following questions should be asked:

• Why do you need the last four digits of the SSN? If it is to look up students, the SSN is no longer used. Student records will be accessed through the UWF ID. If cross referenceing “old records”, employees may continue to use RSNB which will show the name, UWF ID, DOB, and last semester of attendance.
• What will the SSN be used for? Since records cannot be accessed using the SSN, what will be the need for the SSN? It may be valid if reporting to an outside contracted agency but that must be preapproved.
• The authorization of SSN should be discouraged unless absolutely needed. Explore other alternatives to meet needs.

9-digit SSNs
Anyone requesting access to UWF information systems that will result in the ability to enter or view entire SSN's will need to justify the need with a business purpose that supports the need and then get the written approval of their department head that the access is justified.

These types of requests include access to CICS WFID (full SSN version), full SSN version of RSAP, etc. Many screens will have access at different levels whereby a higher authorization level allows the person to see the SSN as well as the WFID screens at security level greater than zero.

Workstation Managers and Security Administrators will not process requests that will result in full display of SSN data without the approval of the proper authority.