State of Connecticut Office of the State Comptroller MEMORANDUM NO. 95-66
COMPTROLLER'S SEAL STATE OF CONNECTICUT
STATE OF CONNECTICUT
NANCY WYMAN
COMPTROLLER
OFFICE OF THE STATE COMPTROLLER
55 ELM STREET
HARTFORD, CONNECTICUT 06106-1775
MARK OJAKIAN
DEPUTY COMPTROLLER


MEMORANDUM NO. 95 - 66

December 29, 1995

TO THE HEADS OF ALL STATE AGENCIES

Attention: Commissioners, Chief Financial Officers, Business
Managers, and Payroll Officers
Subject: Comptroller's Financial Systems Security
  1. PURPOSE

    The purpose of this memo is to advise all State Agencies of the importance of having appropriate internal controls over and within automated systems to ensure that transactions are properly authenticated and authorized.

    A key security issue in an automated system is unauthorized transaction processing. Guarding against unauthorized or inappropriate transaction processing is critical because of the integration of automated systems.

    An automated system concentrates accounting records and transaction processing capabilities in one system. Unrestricted access to automated systems compromises the controls provided by segregating duties and other safeguards that are usually part of manually operated systems.

  2. CONTROL ACTIVITIES

    Security in automated systems is imperative so that only those individuals authorized have access to on-line transaction processing capabilities. The initial request for user access to systems is done via Form CO-1057, Agency OnLine Security Form.

    Each agency must monitor the following to ensure that identification codes and passwords are properly effective:

  3. GUIDELINES AND PROCEDURES

    The Office of the State Comptroller is requesting each agency head to designate a single contact person and backup for the Comptroller's Financial Systems (Central Accounting System, Payroll System, and Retirement Data Base System). A list of designated agency contact individuals will be on file with the Comptroller's Computer Services Division.

    Complete the attached form and list the person(s) that should be contacted regarding User Identification and Password access to the Comptroller's Financial Systems. This form must be completed and received by the Comptroller's Office by January 31, 1995.

    When an agency needs to submit an Agency On-Line Security Form (CO-1057), the designated agency liaison should fax or mail the CO-1057 to:

    Office of the State Comptroller,
    Computer Services Division,
    55 Elm Street, Hartford, CT 06106
    Att: Carolyn LoGiudice

    or Fax No. (860) 566-1650

    The agency liaison will be contacted by the Comptroller's Computer Services Division when the Agency On-Line Security Form (CO-1057) has been approved and the identification code/password has been assigned. The liaison must then give this information to the designated user.

    In the event of a password problem, the designated user should inform the agency liaison, who should then contact the Comptroller's Office.

  4. QUESTIONS

Questions may be directed as follows:

On-Line Security:Office of the State Comptroller
Computer Services Division
Carolyn LoGiudice(860) 566-2160
Diane Irwin (860) 566-2160
Nayda Flores (860) 566-2160
Memorandum Interpretation
Policy Evaluation & Review Division(860) 566-5981

Nancy Wyman
State Comptroller

COMPTROLLER'S FINANCIAL SYSTEMS
AGENCY CONTACT PERSON
FOR AGENCY ON-LINE SECURITY

In the space that follows, please list the person(s) that should be contacted regarding Agency On-Line Security for the Comptroller's Financial Systems (Central Accounting System, Payroll System, and Retirement System). Payroll System add Level (2). Accounting System add agency number. Attach copies, if necessary, to provide for additional liaisons. One sheet per system.

Primary Contact

Backup Contact

Name ____________________

Name ___________________

Title ____________________

Title ___________________

Agency ____________________

Agency ___________________

Address ____________________

Address ___________________

____________________

___________________

Level(2)/Agency No. __________

Level(2)/Agency No.__________

Phone ____________________

Phone ___________________

Fax ____________________

Fax ___________________

Accounting_________ Payroll____________ Retirement_____________

Please return this response form by January 31, 1996. You can mail the form to:

Carolyn LoGiudice
Computer Services Division
Office of the State Comptroller
55 Elm Street
Hartford, Connecticut 06106

Or fax it to Carolyn LoGiudice at (860)-566-1650. Thank you for your cooperation and assistance.

ACCOUNTING, PAYROLL AND RETIREMENT SYSTEM SECURITY POLICY AT THE OFFICE OF THE STATE COMPTROLLER AND CATER

To control user access to on-line systems, restricted identification codes and passwords are assigned. The security for an on-line system should be controlled at the agency level. Internal controls are required to ensure that transactions are properly authenticated and authorized, and to ensure the accuracy, confidentiality, and integrity of data that is input and resides on automated systems. Consequently, appropriate internal controls are necessary over and within automated systems to eliminate or reduce the risk of exposure.

The following security policy is a guideline for protecting the information stored on the Central Accounting, Payroll and Retirement computer system. All agencies must adhere to these guidelines.

______________________________________________________________________________
Section I

Request for User ID/Password/Access Modification

  1. Each agency will authorize one contact person for each of the above on-line systems. The agency liaison will be responsible for requesting, receiving and notifying users of User Identification and Password information.

  2. All Agency On-Line Security Request Forms must be submitted by the agency liaison to the Office of the State Comptroller, Computer Services Division, 55 Elm St., Hartford, CT 06106 Att: Carolyn LoGiudice or Fax 566-1650.

  3. When the Agency On-Line Security Form has been approved and the system updated, the Comptroller's Office will then contact only the agency liaison with the user ID and password.

Back to Comptroller's Home Page
Back to Index of Comptroller's Memoranda