Fiscal Year Memo #2024-10: Department Security Officer Review and Approval of Statewide Enterprise Systems Security Access
In accordance with the Department Head Signature Authorization and Electronic Signatures for MMARS Transactions Policy and the Statewide Enterprise Systems Security Policy, Department Security Officers (DSOs) are required to certify individuals’ access to enterprise systems that contain financial, payroll, and related data. This certification must be completed and returned to the Office of the Comptroller (CTR) by the last business day of the calendar year, which this year will be Friday, December 29, 2023. Departments must assign security roles that promote segregation of duties and ensure that users have the correct, appropriate, and lowest level of access necessary to perform transactions relative to their responsibilities. In addition, department leadership must review and update security roles whenever a user’s responsibilities change and must immediately terminate access for any individual who separates from service or is placed on extended leave. These reviews are required steps, per CTR policy, in the overall process to mitigate the risk of improper system access and to prevent fraud, waste and abuse.