9.4 Business Financial Information
Policy Statement
The University of Illinois System owns all information gathered, stored, or maintained for business purposes, unless otherwise stated in a contractual agreement. This ownership includes all system information regardless of location or media. Such information is to be used only for conducting system business.
People who act as stewards or caretakers for the business financial information of the system have a responsibility to ensure that business is transacted legally, protect the assets of the system, and avoid conflicts of interest.
System units have unlimited, read-only access to most business financial information, but must follow the standard access approval process that includes Unit Security Contacts and Administrative Information Technology Services (AITS). Unit heads are responsible for the security of system data used by their unit. Unit heads must ensure that that Unit Security Contacts are notified in a timely manner when employees transfer to another unit or no longer work for the University of Illinois System.
Individuals must report known or suspected security violations to the Associate Vice President for Administrative Information Technology Services (AITS) or delegate.
Reason for the Policy
The system has a fiduciary responsibility regarding business financial information (including Social Security Numbers). The system will respond to security violations by:
- Limiting the individual's access to some or all university systems,
- Initiating legal action, including, but not limited to, criminal prosecution under appropriate state and federal laws,
- Requiring the violator to provide restitution for any improper use of service, and,
- Enforcing disciplinary sanctions in accordance with the relevant system policy.
Applicability of the Policy
Business financial information covered by this policy includes but is not limited to information held in systems where financial, payroll, employment, and student transactions can be started, routed, approved, and/or completed.
Procedure
Employees, contractors, and students are expected to exercise responsible, ethical behavior when using system computers, information, networks, or resources.
Individual responsibilities include preserving the confidentiality and security of data to which the user has been granted access and ensuring that data are used only for and in the conduct of system business. These responsibilities also include the proper storage, access control, and disposal of private and confidential data presented to the user in any form.
Unit heads are responsible for establishing proper data controls, such as;
- Implementing consistent data security policies and standards,
- Maintaining proper segregation of duties by ensuring that system access and associated permissions are divided among different employees,
- Developing a disaster recovery plan that includes access controls and contingency plans for continuous operation in case of emergencies such as power outages,
- Developing and maintain an internal security plan to assure data integrity and authentication,
- Ensuring that each system utilized by your unit is used ethically and for its intended purpose, and,
- Notifying your Unit Security Contact (USC) when employees leave the system or are transferred to another unit.
Related Policies and Procedures
University of Illinois Enterprise Systems Access Removal Guidelines
University of Illinois System: Social Security Number Policy
Additional Resources
Find Your USC
Get Enterprise Data
For data security policies and standards, consult IT Policies.
For additional information regarding the rules for use of financial information, search for keywords such as "software" or "security" in:
University Policy and Rules for Civil Service Staff
University of Illinois Statutes
Academic Staff Handbooks
Urbana
Chicago
Springfield
Code on Campus Affairs
Urbana
Springfield - Consult the Academic Staff Handbook
Last Updated: May 21, 2020 | Approved: Senior Associate Vice President for Business and Finance | Effective: May 21, 2020