Statement by CSU Chancellor Charles B. Reed on computers and security(March 26, 2003) -- California State University Chancellor Charles B. Reed today announced that security would be immediately tightened on its administrative software system, known as the Common Management System (CMS).
"The safety and security of our students and employees continues to be our top priority," Reed said. "We are taking interim action to tighten restricted access to sensitive information, and we are working with PeopleSoft, our software provider, to create a permanent solution."
The CMS system currently assigns a "unique identifier" that is not tied to Social Security numbers for all students and employees. However, because student tests such as the SAT and other data such as financial aid and payroll information come to the university with Social Security numbers as identifiers, that number is still in the system.
The restrictions announced today augment security already in effect whereby only employees whose job duties require access to Social Security numbers and who have signed confidentiality agreements may have such access. After today, in addition to these measures, access may only be granted after a review and certification of job-related need by the campus president or vice president.
In his directive to the 23 CSU campus presidents, Reed said that those having access to student and employee Social Security numbers and other sensitive identifiers must be "approved and certified" by the campus president or vice president. "A person who is not approved will not have access," Reed said.
A recent audit of the CMS system by the Bureau of State Audits recommended that the CSU tighten up the security surrounding access to Social Security numbers. "As part of our commitment to implement the several recommendations made by the auditors, we are taking this action, which we believe provides an immediate security enhancement," Reed said.
While today's action is an interim solution, the university is working to fast-track permanent software improvements with PeopleSoft. "We have a strong working relationship with PeopleSoft that has yielded positive results in the past. I am confident that together we will address successfully the security issues we and other institutions are facing," Reed said. "The confidentiality and security of personal information is important to our students, faculty, and staff, and ultimately to the success of this project."
Contact: Colleen Bentley-Adler, (562) 951-4801, firstname.lastname@example.org
Last Updated: 26 March 2003