Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
copy <strong>of</strong> the signed document will be provided to the individual with the original being<br />
retained by the appropriate Human Resources department.<br />
11.2 Personnel Operations<br />
The State <strong>of</strong> Kansas requires that the manner in which information system users are<br />
hired, fired and transferred between positions be performed in a structured and<br />
controlled manner.<br />
By following defined protocols regarding staffing, the State <strong>of</strong> Kansas ensures that the<br />
users to whom it extends information system access will understand and treat that<br />
access with appropriate regard for information security. The potential exists that,<br />
without these protocols, information system users will have insufficient regard for the<br />
security <strong>of</strong> the information systems or information they use, increasing the risk that<br />
the State is required to accept.<br />
State agencies are required to define categorizations (also known as system roles) into<br />
which all <strong>of</strong> the users <strong>of</strong> State information systems must be placed. These system roles<br />
will be used for all information system users, whether they are employees or third<br />
party users, whether they work for the State itself or one <strong>of</strong> its agencies..<br />
Each system role will have assigned to it a risk categorization. Risk categorizations will<br />
define the amount <strong>of</strong> security risk associated with any given system role. The State<br />
requires the use <strong>of</strong> appropriate personnel screening procedures and background<br />
checks when staffing positions according to the risk categorization assigned to the<br />
system role. Both system roles and risk descriptions will be reviewed and updated<br />
where required by the State on an at least annual basis.<br />
Upon commencement <strong>of</strong> work for the State <strong>of</strong> Kansas, employees and third party<br />
users will be required to sign appropriate access agreements (including but not limited<br />
to non-disclosure, non-compete, conflict <strong>of</strong> interest, acceptable usage, etc.). These<br />
agreements specify the user’s intent to abide by the operational and security<br />
requirements <strong>of</strong> the State. These agreements will be reviewed on an annual basis and<br />
resigned by information system users as required. Further, the agreement<br />
document(s) will be reviewed on an at least annual basis to ensure the highest level <strong>of</strong><br />
appropriateness and applicability.<br />
Should the user <strong>of</strong> a State information system, whether internal employee or third<br />
party user, change working location or functional system role while in the employ <strong>of</strong><br />
the State, the access and operational privileges <strong>of</strong> that user will be immediately<br />
reviewed and, where required, updated. This review and update will focus equally on<br />
eliminating access privileges no longer required as well as providing the net<br />
new/enhanced access required <strong>of</strong> the new functional role. As necessary, State<br />
property, temporarily in the possession <strong>of</strong> the information system user, will be<br />
returned.<br />
Should the user <strong>of</strong> a State information system, whether internal employee or third<br />
party user, leave the employ <strong>of</strong> the State, access accounts for all information systems<br />
35