TO: County Directors of Social Services
County Security Officers
DATE: December 28, 2010
SUBJECT: New Automated e-IRAAF
Over the past few years, since the inception of the Information Resource Access Authorization Form (IRAAF), counties have experienced delays in granting and revoking system access for employees. In an effort to alleviate this delay, a new automated solution has been developed. This system replaces the paper version of the IRAAF. This new tool makes it easier and quicker to grant or revoke system access for employees.
The e-IRAAF has been piloted over the past several months by two State divisions and 13 counties. Several enhancements have been added to the system based on feedback from the pilot counties and divisions. The statewide roll-out of the
e-IRAAF is scheduled for the week of January 3, 2011.
To access the e-IRAAF, you must have access to the tool in the CICSNC26 region. An instruction document for accessing the system and completing the screens is attached to this letter.
In order for you to have access to the system, you must be identified as a county Security Officer or backup at the DHHS Customer Support Center (CSC). We will add the individuals on file with the CSC as county Security Officers or backups into the system. If you do not have access, please contact the CSC. Security Officer updates must be submitted to CSC using the Security Officer Change Authorization Form (Appendix 5) in the Information Security Manual. This form must be submitted to the CSC for processing. An email address must be listed on the form for the Security Officer and backup. It is recommended that counties review their Security Officers list at least every 6 months.
Counties should implement procedures for requesting and revoking access using this tool in their county. For example, several pilot counties have requested that supervisors in the county have access to the e-IRAAF tool so they can begin the systems security process. This process allows the supervisor to electronically send the e-IRAAF to the county Security Officer who will review the screens for accuracy before submitting the request to the CSC. This will prevent counties from having to save signed copies of the IRAAF for verification purposes. If your county would like to use this option, supervisors will have to be added as users in the tool. This may be accomplished by emailing a county supervisor listing to DHHS.Security.Request@dhhs.nc.gov.
The e-IRAAF has audit capabilities that will be used to verify who requested access to State Information Systems. A reporting function of the tool is being developed. These reports will make it easier to verify the systems access a user has been granted. This will be useful when completing the Annual Reviews, which will also be completed via the e-IRAAF tool.
Keep in mind that “old” IRAAF information (that is, information submitted previously via the paper form) will not be available in the e-IRAAF. The only information you will be able to see in the tool is the information that you key beginning the week of January 3, 2011 (or sooner if your county was in the pilot). As e-IRAAF requests are submitted via the tool, eventually all employees’ information will be available to you.
Security Officers are responsible for ensuring that appropriate access to State Information Systems is requested for all users. Security Officers must review and approve all e-IRAAF requests prior to submission to CSC.
Appendix 11 of the Security Manual lists many of the DSS systems, the abbreviations used to identify the systems, and the staff who would be appropriate users of each. This Appendix should be used as a guide when requesting access.
For more information regarding Security Officers’ responsibilities, please refer to the Information Security Manual.
All requests for State Information Systems access must be completed via the e-IRAAF tool. Paper versions of the IRAAF will no longer be accepted.
You may monitor the status of requests submitted via the e-IRAAF tool. Please refer to the instructions attached.
The change from the IRAAF paper version to the e-IRAAF tool supersedes the IRAAF instructions in the Information Security Manual. This manual will be updated in the near future.
We anticipate that counties may have difficulty in the transition from the paper IRAAF to the e-IRAAF tool. However, we hope that after using the tool, you find that it makes managing access to the State Systems easier.
If you have questions regarding the new e-IRAAF, please contact the CSC at 919-855-3200, option 2.
Sherry S. Bradsher, Director
Division of Social Services
Craigan L. Gray, MD, MBA, JD, Director
Division of Medical Assistance
Dennis W. Streets, Director
Division of Aging and Adult Services
Deborah J. Cassidy, PhD, Director
Division of Child Development
cc: Lanier Cansler, DHHS Secretary
Dan Stewart, DHHS Assistant Secretary for Finance & Business Operations
Karen Tomczak, DHHS Chief Information Officer
Pyreddy Reddy, DHHS Chief Information Security Officer
For questions or clarification on any of the policy contained in these manuals, please contact your local county office.