Enterprise Reporting Standard Reports (ER) and Web Intelligence (Webi)
Agencies accessing the Enterprise Reporting Standard Reports (ER) or Web Intelligence (Webi) maintained by DES must establish an effective system for management and control of sensitive information as appropriate. In addition, access to vendor payment related data belonging to other agencies is restricted to employees who need the data to perform their assigned duties, and before access is granted:
- An employee must sign a Non-Disclosure Agreement (NDA) that includes the following statements:
- I will not access or use vendor payment information for any commercial or personal use or gain, but only to the extent necessary and for the purpose of performing my assigned duties as an employee.
- I will not directly or indirectly disclose, divulge, transfer (such as but not limited to, email, portable media, File Transfer Protocol (FTP), file location services), release, communicate, sell, or otherwise make known to unauthorized persons or any third party outside the scope of my position any vendor payment information during duty hours as well as non-duty hours or when not in use unless authorized by my supervisor, agency policy or applicable state law.
- I will not duplicate or reproduce vendor payment information except for the purpose of performing my duties as an employee.
- I will protect vendor payment information from unauthorized physical and electronic access in a manner which prevents unauthorized persons from retrieving the information by means of computer, remote terminal or other means.
- I will dispose of vendor payment information, in electronic or paper form, in an appropriate manner.
- I agree to abide by all federal and state laws, regulations, and policies regarding the safeguarding and disclosure of the information.
- Agencies may use an alternate in-house NDA form provided written approval from OFM is obtained.
- The agency security administrator must certify that that the employee has signed the non-disclosure agreement and needs access to other agency vendor payment related data to perform the employee’s assigned job duties. In certain cases, OFM must approve the request before access can be granted.
To get access to Enterprise Reporting vendor payment related data for other agencies, follow the instructions and fill out the forms at: http://www.ofm.wa.gov/resources/dataaccess.asp.
If an agency detects a breach in security related to vendor payment related data, the agency is responsible to follow the steps for breach as described in RCW 42.56.590 and notify the Consolidated Technology Services (CTS) Chief Information Security Officer, CTS Security Operations Center and the Washington State Patrol Computer Crimes unit. Additionally, the agency is to notify DES within one business day of discovering the breach and take corrective action as soon as practicable to eliminate the cause of the breach. DES may request a full review of the agency’s data security controls.