CD 2013-010

Subject: Administration of Access and Security Management for the Regional Pay System (RPS)

June 4, 2013

1. Purpose

1.1. The purpose of this directive is to remind the key stakeholders of their roles and responsibilities in administering the on-line access and security management for the RPS.

2. Background

2.1. In August 2010, the On-line Access and Security Management Guide was created to assist stakeholders in their understanding of their roles and responsibilities.

2.2. This directive must be read in conjunction with ARCHIVED CD 2010-015 dated August 24, 2010 and it supersedes CD 2012-004 dated April 2, 2012.

3. Procedures and Instructions

3.1. The responsibility for segregation of duties lies with departments and agencies. Departments and agencies must establish policies and procedures to ensure that controls exist related to pay transactions by ensuring that users are not assigned the ability to create and verify the same pay transaction and those persons who are assigned access rights understand their responsibilities.

3.2. It is also the responsibility of departments and agencies to ensure that new designated Security Access Control Officers (SACO) successfully complete the On-line Departmental Security Application (PA-09) course and receive the necessary training to perform their duties.

3.3. The SACOs are responsible for ensuring that all system access requests, including access to RPS, are completed properly and forwarded to the Enterprise Security Administration for processing. A copy of these requests must be kept on file for reference and audit purposes.

3.4. Prior to creating user identification for a person, the Security Access Control Officers must delete all previously assigned user identification for that same person.

3.5. When a user is no longer required to perform duties necessitating RPS access or leaves the department or agency, their user identification must be immediately cancelled and removed from the departmental security structure.

3.6. On a yearly basis, Security Access Control Officerss must confirm that a review of all users has been completed and that all discrepancies have been corrected.

3.7. Detailed instructions and contact information are available in the On-Line Access and Security Management Guide posted in the "Security Administration and Control Officer (SACO)" page of the Compensation Sector Web site.

4. Inquiries

4.1. Any inquiries on the information contained in this directive should be addressed to your Public Works and Government Services Canada (PWGSC) Compensation Services Office.

Reference(s): 9021-21