FTI Security Enhancements Work Order – 0527
description
Transcript of FTI Security Enhancements Work Order – 0527
FTI Security EnhancementsWork Order – 0527
2012 Annual DRAP Training ConferenceOctober 3, 2012Doris Hartman
2
• Today’s Agenda• Why are we making these changes?
• Safeguard Review Preliminary Findings
• Expected Business Outcomes
• Security Changes
• FTI Security Changes
• Centralized Security Buckets
• Other Security Bucket Changes
• Screen Changes
• FTI Labeled Screens
• Masked Screens
• FSUM Enhancements
FTI Security Enhancements
3
• System Issues identified in the Safeguard Review Preliminary Findings Report issued January 31st, 2012
• BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs.
• BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.)
• BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis.
• BCSE does not label electronic FTI when displayed on PACSES Screens.
FTI Security Enhancements
4
• BCSE is making unauthorized disclosure of FTI by printing receipt detail information on check stubs.
•All receipt numbers removed from disbursement file and no longer printed on SCDU check stubs.
•Change to check template became effective April 10, 2012.
FTI Security Enhancements
5
• BCSE is making unauthorized disclosure of FTI on a telephonic Integrated Voice Response (IVR) system. (The CP receives source of payment information for all payments except FTI payments.)
•The payment source information has been removed from both the PACSES and SCDU IVRs.
•Change migrated to Production January 12, 2012.
FTI Security Enhancements
6
• Expected Business Outcomes
• PACSES screens are properly labeled so that FTI information appearing on the screens can be properly protected and handled according to the procedures outlined in IRS Publication 1075.
• Access to FTI is now properly restricted to individuals (not teams) authorized to view FTI as part of their routine job functions and who have a need to view FTI data.
• The findings of the IRS Safeguard Review Preliminary Findings Report are being addressed so that there is no interruption of FTROP collections.
• Drill functionality is added back to the Financial Summary (FSUM) screen to allow Domestic Relations Staff to be able to view financial data without viewing FTI data.
FTI Security Enhancements
7
• Today’s Agenda• Why are we making these changes?
• Safeguard Review Preliminary Findings
• Expected Business Outcomes
• Security Changes
• FTI Security Changes
• Centralized Security Buckets
• Other Security Bucket Changes
• Screen Changes
• FTI Labeled Screens
• Masked Screens
• FSUM Enhancements
FTI Security Enhancements
8
• WO-0527 FTI Security Enhancement Changes
• BCSE does not restrict access to FTI to authorized individuals on a “need to know” basis.
• BCSE does not label electronic FTI when displayed on PACSES Screens.
FTI Security Enhancements
9
• Security will be assigned at a worker level (WACI) only.
• Elimination of Team (TACI), Unit (UACI) and County (CACI) level security assignment. The screens are removed from PACSES. **Counties are still able to use Teams and Units for the purpose of
scheduling and case management.**
• All workers are now required to have a worker level security (WACI) record. SMEs completed outreach with counties July – September 2012 to ensure all workers have WACI records.
• The ability to view FTI data will be ‘access controlled’ based on the security buckets assigned to the worker and based on the security level of the PACSES screen.
• Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE. A new form and process will be implemented to allow DRS Directors to request access to these security buckets.
PACSES Security Changes
10
• Three Levels of FTI Access
• No access to FTI Data or Access Controlled Screens• Users receives a “Not Authorized” error when attempting to navigate to
any screen defined as access controlled • Data identifiable as FTI is “masked” or suppressed on other screens
defined as commonly used screens
• No access to FTI Access Controlled Screens but allowed to view FTI data• A new security bucket ‘CFTIINQ’ allows users to view unmasked data
on screens that are commonly used in DRS business.
• Full Access to FTI screens and Data. • These users need the appropriate security buckets to view and/or
update the access controlled screens • These users also require the new CFTIINQ security bucket to view
unmasked data on screens that are commonly used in DRS business.
PACSES Security Changes
11
Access Controlled Screens
Screen Name FTI Data Displayed Updated By
AHLD Address Hold Release Receipt Number payment source (I). County/SCDU
BATH Batch Control History Payment method (I) and Payment Source (IRS). Read Only
CBAT Batch Control Batch Collection origination (I). Payment method (I) and Payment Source (IRS). SCDU
CPOS Post Collections Batch Collection origination (I). Payment method (I) and Payment Source (IRS). SCDU
CPUD Unidentified Receipts – By Date Batch Collection origination (I) and Payment method (I). Read Only
CPUN Unidentified Receipts – By Name Batch Collection origination (I), Payment method (I) and Receipt Number payment source (I). Read Only
CPUR Post Unidentified Receipts Batch Collection origination (I), Payment Source (IRS), Payment method (I) and Joint tax and TANF indicators. County/SCDU
DISB Disburse Receipt Receipt Number including payment source (I) as key (required entry). SCDU
DISR Disbursement Hold Release Intercept Type as key (I), Disb Hold Date (reveals collection dates for FTROP). SCDU
FCLG IRS Full Collection Log Legacy FTI CountyHIRA Held IRS Disbursement History Legacy FTI Read OnlyHIRS Held IRS Disbursements Legacy FTI SCDUIOVR IRS Offset Status and Override Legacy FTI CountyIRCR Tax Collection Detail Legacy FTI Read OnlyIRML IRS Member Transaction Log Legacy FTI Read OnlyIRSL IRS Case Transaction Log Legacy FTI Read Only
12
Access Controlled Screens
Screen Name FTI Data Displayed Updated By
MDST Manual DistributionReceipt Number including payment source (I) as key (required entry), Payment Source (IRS), IRS Fed Fee, Worker ID (batch program associated specifically with FTROP processing).
County/SCDU
PARR Reverse Partial ReceiptReceipt Number, including payment source (I) as key (required entry), Payment method (I) and EFT/Item Number (FTROP distinctive trace number).
SCDU
PDOV Passport denial Status/Override Legacy FTI County
PHLD Disbursement Payee Hold Receipt Number payment source (I). County/SCDU
POFF Payee Offset History Receipt Number payment source (I). Read Only
RREV Receipt Reversal Receipt Number including payment source (I) as key (required entry) and Payment method (I). SCDU
SACF Annual Federal User Fee Receipt Number payment source (I). SCDU
SUDS Suspended Disbursements Receipt Number payment source (I). SCDU
TRNL Financial Transaction LogPayment source (I) in the reference ID for receipt transactions, unique log entries associated with FTROP only, short transaction descriptions.
Read Only
13
• Assignment of FTI Security Buckets and the DRSRTUPD security bucket are now controlled centrally by BCSE.
PACSES Security Changes
Security Bucket DescriptionCFTIINQ (new) Confidential Federal Tax Information InquiryDRSRTUPD (modified) DRS Reference Table UpdateIRSINQ (modified) IRS Coordinator InquiryIRSUPD IRS Coordinator UpdatePHLDUPD (new) Payee Hold UpdateRAFININQ (new) Restricted Access Financial InquiryRAFINUPD (new) Restricted Access Financial Update
The below security buckets are for Non-DRS UsersDISRUPD DISR UpdateFXUUPD FXU UpdateMDSTUPD MDST UpdatePARTUPD PA State Reference Table UpdateSCDUAUPD SCDU Administrator UpdateSCDUFUPD SCDU Financial Update
14
• Additional Changes included in this work order
• A new form and process allows DRS Directors to request access to these security buckets.
• To ADD, CHANGE, or DELETE one of the 13 centrally controlled security buckets the FTI / Administrative Security Request Form needs to be submitted
• The form is available on the PACSES Home Page / IRS Security Suite (left Hand Navigation Panel) / FTI Security Enhancements
FTI Security Enhancements
15
• Additional Changes included in this work order
•A comprehensive review of all PACSES Security buckets has been completed to align security with individual job responsibilities and to remove duplication. Based on this review new security buckets were created, existing security buckets were modified, and some security buckets were deleted.
•The appropriate security buckets were ascertained during the county outreach and all workers were set with worker level security (WACI) with the security buckets designated as required for each individual’s job duties.
FTI Security Enhancements
16
• Today’s Agenda• Why are we making these changes?
• Safeguard Review Preliminary Findings
• Expected Business Outcomes
• Security Changes
• FTI Security Changes
• Centralized Security Buckets
• Other Security Bucket Changes
• Screen Changes
• FTI Labeled Screens
• Masked Screens
• FSUM Enhancements
FTI Security Enhancements
17
Screens Labeled as ‘FTI’
Screen. Name FTI Data DisplayedAHLD Address Hold Release Receipt Number payment source (I).ADJL Adjustment Detail Transaction Adjustment type, Receipt Number including payment
source (I), Worker ID, and Offset Type (F)BATH Batch Control History Payment method (I) and Payment Source (IRS).CBAT Batch Control Batch Collection origination (I), Payment method (I) and
Payment Source (IRS).
CINQ Collections Inquiry by PayorReceipt Number, including payment source (I), County Code (00 associated with intercepts), Payment Method (I), Payment Source (IRS), EFT/Item Number (distinctive FTROP trace number)
CPOS Post Collections Batch Collection origination (I), Payment method (I) and Payment Source (IRS).
CPUD Unidentified Receipts – By Date Batch Collection origination (I) and Payment method (I).CPUN Unidentified Receipts – By Name Batch Collection origination (I), Payment method (I) and
Receipt Number payment source (I).CPUR Post Unidentified Receipts Batch Collection origination (I), Payment Source (IRS),
Payment method (I) and Joint tax and TANF indicators.DISB Disburse Receipt Receipt Number including payment source (I).DISR Disbursement Hold Release Intercept Type as key (I), Disb Hold Date (reveals
collection dates for FTROP).
18
Screens Labeled as ‘FTI’
Screen Name FTI Data DisplayedDSBL Detail Transaction Log Receipt Number, including payment source (I).FCLG IRS Full Collection Log Legacy FTIHIRA Held IRS Disbursement History Legacy FTIHIRS Held IRS Disbursements Legacy FTIHRCT Release Receipt on Hold County, Batch Collection origination (I), Payment
Source (IRS), TANF Indicator, Joint Tax IndicatorICOL Interstate Collection Data CSENet Payment SourceIOVR IRS Offset Status and Override Legacy FTIIRCR Tax Collection Detail Legacy FTIIRML IRS Member Transaction Log Legacy FTIIRSL IRS Case Transaction Log Legacy FTIIVAL Welfare Distribution Log Receipt Number, including payment source (I)
MDST Manual DistributionReceipt Number including payment source (I), Payment Source (IRS), IRS Fed Fee, Worker ID (batch program associated specifically with FTROP processing).
PARR Reverse Partial ReceiptReceipt Number, including payment source (I), Payment method (I) and EFT/Item Number (FTROP distinctive trace number).
19
Screens Labeled as ‘FTI’
Screen Name FTI Data Displayed
PDOV Passport denial Status/Override Legacy FTI
PHLD Disbursement Payee Hold Receipt Number payment source (I).
POFF Payee Offset History Receipt Number payment source (I).
RCTL Receipt Distribution DetailReceipt Number, including payment source (I), Payment Source (IRS), Worker ID (batch program associated specifically with FTROP processing), EFT/Check Number (distinctive FTROP trace number)
RREV Receipt Reversal Receipt Number including payment source (I) and Payment method (I).
SACF Annual Federal User Fee Receipt Number payment source (I). SUDS Suspended Disbursements Receipt Number payment source (I).
TRNL Financial Transaction LogPayment source (I) in the reference ID for receipt transactions, unique log entries associated with FTROP only, short transaction descriptions.
20
Screens Labeled as ‘FTI’
21
Screens Labeled as ‘FTI’
22
Commonly Used Screens
Screen Name FTI Data Displayed Updated By
ADJL Adjustment Detail Transaction
Receipt Number, including payment source (I) visible in header and/or detail information, Adjustment Type (description), Worker ID (batch program associated specifically with FTROP processing) and Offset Type (F).
Read Only
CINQ Collections Inquiry by Payor
Receipt Number, including payment source (I), County Code (00 associated with intercepts), Payment Method (I), Payment Source (IRS), and EFT/Item Number (distinctive FTROP trace number).
Read Only
DSBL Detail Transaction Log Receipt Number, including payment source (I). County/SCDU
HRCT Release Receipts on Hold Batch Collection origination (I), Payment Source (IRS), TANF and Joint tax Indicators. County/SCDU
ICOL Interstate Collection Data CSENet Payment source. Read Only
IVAL Welfare Distribution Log Receipt Number, including payment source (I). Read Only
RCTL Receipt Distribution Detail
Receipt Number, including payment source (I) as key (required entry), Payment Source (IRS), Worker ID (batch program associated specifically with FTROP processing) and EFT/Check Number (distinctive FTROP trace number).
Read Only
23
ADJL Masking Example
24
CINQ Masking Example
25
DSBL Masking Example
26
HRCT Masking Example
27
ICOL Masking Example
28
IVAL Masking Example
29
RCTL Masking Example
30
FSUM Enhancements
Drills toADJLACCLRCTLDSBLADJLHRCTIVAL
31
FTI Security Enhancements
QUESTIONS?