
Library: Policy

OKDHS:2-11-110. Finance Information Systems Unit security plan

Issued 8-1-06


(a) Physical security.  The Oklahoma Department of Human Services (OKDHS) Finance Division Finance Information Systems Unit (FISU) is responsible for the physical security of the Finance Division AS400 computer system.

  • (1) The Finance Division AS400 computer system is located in the Sequoyah Building.  The location of the computer room is not marked.
  • (2) The facility and storage areas are in controlled access environments to prevent unauthorized access.

(b) Access.  Access is controlled through the use of an employee's user identification (ID) number and password, issued by the FISU access administrator.

  • (1) System access.  All requests for access to the Finance Division AS400 computer system are directed to the FISU access administrator.  Access passwords are issued, monitored, and maintained by the FISU access administrator.
  • (2) Requesting Finance Division AS400 computer system access.  Form 10SC001E, Request for AS400 Access, is used to request access to the Finance Division AS400 computer system.  The form is located on the OKDHS Intranet Finance Division Web site.
    • (A) This form is completed and signed by the OKDHS employee and his or her supervisor and routed to the FISU access administrator.
    • (B) After verification that the employee is on OKDHS payroll, a one-time password is assigned to be used in conjunction with the employee's OKDHS user ID.
    • (C) The employee is required by the Finance Division AS400 computer system to change the password the first time he or she signs on to the computer.
    • (D) If access to a particular application is requested, the FISU access administrator notifies the owner of the application.  The owner provides written authorization to the FISU access administrator.
  • (3) Status change.  An employee's supervisor notifies the FISU access administrator of termination, name change, or transfer within OKDHS.
    • (A) The same day termination notification is given, the terminating employee's supervisor notifies the FISU access administrator of the termination via e-mail.
    • (B) The FISU access administrator verifies active status and accurate work locations of user IDs with access to the Finance Division AS400 computer system.
  • (4) Access disabled.  Access to the Finance Division AS400 computer system is disabled when a user ID is inactive for a:
    • (A) 30-day period.  The employee contacts FISU Help Desk to reactivate the user ID; or
    • (B) 90-day period.  Form 10SC001E is completed to re-activate the user ID.
  • (5) System passwords.  System password requirements are determined by the Data Services Division (DSD).  FISU complies with DSD requirements.
  • (6) WebPass registration.  Access to the Finance Division web-based systems requires WebPass registration, which is accessed from the OKDHS Intranet Finance Division Web site.  Once registration has been completed, a non-expiring WebPass access password is e-mailed to the requesting employee.

(c) Data security.  Data is owned by OKDHS and is accessible to all OKDHS divisions.  All users are responsible for protecting client confidentiality and the integrity and security of data per Section 24A.1 et seq. of Title 51 of the Oklahoma Statutes and OAC 340:1-1-20.  FISU has primary responsibility to ensure data security is in compliance with state and federal regulations.  Methods utilized in securing data on the Finance Division AS400 computer system are described in of this subsection.

  • (1) Finance Division AS400 computer system menu access.  Custom designed menus are developed based upon user access needs.  The FISU access administrator controls menu access authorization.
  • (2) Special authorizations.  The usage and current needs of users with special authorizations to menus or files are reviewed quarterly.
  • (3) Finance Division AS400 computer system time-outs.  System values are established to terminate any user's session when the user's workstation is not accessed in a one-hour period.  The system cancels the work session and requires the user to sign on again.
  • (4) Finance Division AS400 computer system backups.  A complete system backup is scheduled weekly.  All changes made on the system are backed up on a daily basis.  Copies of backups are maintained off-site.
  • (5) History files.  Files that require retention for a number of years are copied to tape or cartridge.  One copy is retained in the computer room and a second copy is maintained off-site.  Current files are included in the daily and weekly backups.
  • (6) Request for FISU services.  To request FISU services, an electronic form, Finance IS Service Request, is completed.  This form is located on the OKDHS Intranet Finance Division Web site.  Users with a WebPass access password may complete the form electronically.

(d) Software security.  FISU adheres to OKDHS regulations per DHS:2-41-16 regarding software licensing and copyright compliance and misuse.
