
DBA CareerSource Pinellas

MANAGEMENT INFORMATION SYSTEMS (MIS) & DATA SECURITY
Security Awareness and Training
Initial/New Hire & Annual Refresher
O The purpose of this presentation is:

O To inform staff of the expectations and requirements for systems access
privileges and accountability
O Focuses on entire CareerSource (CSPIN) staff, supervision, its contracted
providers and partners that use a component or the entire system
O Designed to change behavior or reinforce good security practices
O To provide security awareness, training, education and professional
development
O To ensure an effective and on-going security awareness program
O Significant number of topics may be mentioned

O Federal and State Statute, Policy requirements, sanctions, safeguards and
penalties
O CSPIN Server and Email Rights
O Various Assigned Workforce MIS System Privileges
O Confidentiality and inherent Penalty of Misuse
O User Responsibilities
O Password usage and management
O USER-ID usage
O Rules of Behavior
O Email and Web usage
O Data Security
O Mobile devices and media
O Technical Assistance
O Guidelines to request support
Security Awareness and Training (Continued)

O Goal of Security Training

O Teach skills to perform a specific function awareness


O Focus attention on an issue or set of issues
O Must be provided on an on-going basis to all users
O Document initial and annual training
O Include confidentiality provisions, penalties, rules of
behavior that are expected
O Password creation, use, protection and management
O Logging off computing systems when not in use
O Locking computers when users are away from workstations
Authority and Purpose
O CareerSource supervisors and its internal Regional Security Officers are
responsible for administering MIS privileges, setting security rights, and
providing security training of the UC program, and are responsible for
ensuring policies, procedures and controls are adequate to protect the
security and integrity of all public data to include, but not limited to, UC
information.

O Subject to the following state and federal statutes and/or policy
guidance:
O OMB Circular A-130, Public Law 100-235,
O Florida Statute; 20 CFR 603 and sections 443.171(5) and 443.1715,
O Florida Statute; 45 CFR 205.50 and section 414.295,
O Florida Computer Crimes Act and
O Federal Statute referenced as HIPAA or the Health Insurance Portability and
Accountability Act of 1996.

O Purpose and intention is to provide WorkNet users information and
instructions to maintain the security and integrity of the multitude of data
accessed and used through various MIS systems.

O Customer and Employer information is confidential and is available only
to public employees in the performance of their public duties.
Confidentiality and Penalty for Abuse

O Regardless of access, there are restrictions and penalties on
the access, use, disclosure, and unauthorized access, use or
disclosure of information.
O Applicant, Participant, and Employer Information is
confidential per 443.171(5) and 443.1715, F.S. Medical and
welfare information is confidential under section 414.295 F.S.
and HIPAA
O System access privilege provides access to confidential
information and must be protected
O Is only available to public employees in the performance of
their public duties
O Any violation is a misdemeanor of the second degree and is
punishable as provided in 775.082 or 775.083, F.S.
CareerSource Data Systems:
Internal systems
CareerSource Network
Public or G Drive
CSPIN Intranet
Microsoft Outlook
Electronic Filing System (E-Filing-Legacy and ATLAS)
Online Orientation Admin Site containing customer info
(Legacy and ATLAS)
MICROIX budget and voucher MIS
CareerSource Card Tracker

External via internal system


Internet
OWA
State agencies intranets
Workforce MIS Systems
Assigned access and privileges to a Workforce Management Information
System (MIS) may include:

Employ Florida Marketplace - EFM
One Stop System Tracking - OSST
One Stop Management Information System - OSMIS (limited access, as needed only)
Florida Online Recipient Integrated Data Access - FLORIDA
Unemployment Insurance Applications - Connect
Employer and Wage Credit Information - Suntax
CareerSource Server and Email
CareerSource Atlas Document Management System
Supervisor and Security Officer Roles and Responsibilities

O Restrict system access privileges to authorized users.

O Use the system in an appropriate manner

O Ensure employees do not violate system privacy provisions

O Comply with confidentiality provisions

O Ensure initial and on-going security awareness and training program

O Ensure employees do not attempt to cause system malfunctions

O Terminate access privileges when access is no longer required


Staff or End User Responsibilities:

O Accept responsibility for the security and integrity of data and systems for
which access is granted
O Maintain User Identifiers (userIDs) required to access server, email, and MIS
systems
O Maintain password integrity:
O Use a combination of alpha and numerics as defined by MIS,
O Comply with password reset or change requirements,
O Do NOT use your name or personal identifiers,
O Do NOT share with anyone or request another's, or
O Do NOT write it down
O Participate in security awareness and training sessions at minimum annually
O Protect data and system information from theft, loss, damage and
unauthorized disclosure and misuse and immediately report any such
occurrences
O Assist in maintaining the security and integrity of the data systems
O Restrict the use of applicant, participant and employer information for official
purposes only
O Do not abuse or maintain in an insecure manner any data or MIS information
from the workplace or store information on remote storage media devices
Review and Acknowledgement

Within the ADP or CareerSource payroll system
under resources, Career policies are posted and
available for staff review. Strict adherence is
required to policy guidelines.

HR department will assign review and
acknowledgement of these policies. Security
related policies are:

2016 System Access
2016 Personal Identifying Information
2016 Electronic Communication and Social Media
2016 Records Management
Rules of Behavior
O Extend to all personnel accessing and using MIS systems, data, or equipment
O Do not remove confidential data or equipment from its official location
O Do not store unsecured confidential data on personal equipment
O Do not use access privileges for personal gain
O Do not disclose sensitive or confidential information
O Never share passwords or userIDs
O Delete access and review access as needed
O Restrict access to confidential applicant, participant and employer
information
O Do not knowingly transmit, retrieve or store any electronic communication
that is:
O Discriminatory or harassing,
O Derogatory to any individual or group,
O Obscene or sexually explicit,
O Defamatory or threatening,
O In violation of any license governing software usage, or
O Illegal or contrary to WorkNet policy or business interests.
O Abide by all federal and state statute, applicable security policies and
procedures
CareerSource Server & System Access

Network, which includes email and WorkNet server access, is password protected
Access & password provided through WorkNet Information Technology (IT) Department
Server or G Drive access is available after receiving network user id and password
E-mail account is set up by IT and is available with network access account
External or OWA access is available with internal email access
WorkNet E-mail Guidelines
These guidelines refer to all staff and all electronic communication
conveyed using the WorkNet Pinellas (d.b.a. CareerSource Pinellas) email
account:

@ Is Not Private
@ Is the property of WorkNet Pinellas
@ Messages sent outside WorkNet or email server are not secure
@ Do not share e-mail accounts or passwords
@ Offensive, demeaning or disruptive messages are prohibited

Internal/External Email Security


@ Never send social security numbers via e-mail
@ Never open an attachment from someone you do not know
@ Never forward chain mail

Note: Mandatory Completion annually of the Computer Use Policy Agreement and
DEO Mandatory Agreement located in ATLAS under MIS Security file.
Protection of PII
Under Federal and State guidelines, CSPIN staff have
access to and manage participant information that is highly
confidential and protected under law.
This customer information is called Personal
Identifying Information (PII).
Staff protocols and management must comply with the
following steps:
When PII information is not needed, do not save or send PII
Staff should make use of EFM StateID and/or OSST ID when
tracking or referencing a customer with customer last name
If saving or sending of PII is required, the CSPIN protocols should
be followed:
Documents should be password-protected and encrypted.
Emails containing attachments with PII should be encrypted using
CareerSource email encryption available within CSPIN Outlook.
Staff shall avoid inclusion of PII in the body of the email

Reference: CareerSource Policies; 2016 Personal Identifying Information; 2016 Electronic
Communication and Social Media; 2016 Records Management; and 2016 System Access
Data and PII Security
Data is obtained in the following ways:

Applications
Customer Service
Interviews
Orientations
Workshops
External documentation
Various MIS systems
Data Security Best Practices
O Do not discuss customer information with others
O Do not discuss customer information on phone or with co-workers
in an environment or manner in which customer
confidentiality is not maintained
O Do not request personal protected data in open areas from
customer, i.e. office lobby, hallway, etc.
O Do not leave customer documents in unsecure locations, i.e.
desks, copiers, file cabinets, clip boards.
O Documentation that is currently being worked on should be placed in a desk
drawer or file cabinet drawer.
O Copiers, Fax machines, and clip boards should be monitored at the end of
each day for any documentation containing customer information
O Do not download protected data on jump drives, CDs, etc.
O Do not keep hard copy documentation of forms already
uploaded to queues or customer files.
Data Security-Medical Documents
Must secure all documentation in secured environment;
WorkNet e-filing or separate locked storage file

Must not release medical information to third party

Must not discuss medical information in shared office
areas

Information sharing only with written authorization


Data Security-DV & HIV/AIDS
Must comply with all requirements above for Medical
documentation

May not be stored in WorkNet's e-Filing system

May only be stored in a separate locked and secure file

May not be annotated in any MIS system such as an OSST or
EFM case note or Florida CLRC
System Security Best Practice

LOCK YOUR COMPUTER WHEN LEAVING UNATTENDED

To lock keyboard: Hold the Ctrl, Alt and Del keys at the same
time; when the message box pops up, click Lock Computer
Mobile Devices and Media
O Portable devices capable of storing or processing data such as
laptops and PDAs

O Mobile media are portable devices capable of storing data
such as thumb drives, DVDs and CDs

O The use of mobile media and devices increases risks, threats,
and vulnerabilities of data being disclosed, altered, lost or
stolen and lacks the Agency's firewall protection

O The use of mobile devices and media is limited and must be
approved by management
Potential Penalties:
O Users who do not comply with the confidential provisions in user agreements
and prescribed rules of behavior are subject to administrative penalties
available through existing policies, procedures, rules, regulations and federal
and state statutes

O Loss of system privileges

O Reprimands

O Temporary suspension from duty

O Removal from current position

O Termination of employment

O Criminal prosecution

O Fine up to $500 or a term of imprisonment not to exceed 60 days


Technical Assistance
O Security Standard Operating Procedures (SOP) maintained on
the G drive under Security folder and Staff security
agreements maintained by IT and RSOs on an annual basis
O All questions should be directed to the appropriate contact
below:

IT and Regional Security Officers (RSO):

For IT Support to include WorkNet server,
connectivity, or email assistance:
O Brandon Pham, IT Support and Technical Assistance

For Workforce MIS System Support:
Don Shepherd, Primary RSO
Lysandra Montijo or Marsha Safarik, Intensive Services RSO
Staff IT and MIS Support:
System Access, Connectivity Support & Password Resets

IT Support or Assistance:
Check with your supervisor for assistance as your first step
IT assistance or requests are initiated by completion of an IT
support ticket accessed via your desktop
IT assistance may also be requested by supervisors through
direct email request and ensure a copy to appropriate
manager

Password Resets:
E-mail request directly to security officer
Copy your supervisor on the e-mail
Specify which system needs to be reset
State if request is to reset access and/or password
Send your username or user id
Never include your password
System/Data Security
Please send any questions, comments, or suggestions to:
Lysandra Montijo
lmontijo@careersourcepinellas.com
Or
Don Shepherd
dshepherd@careersourcepinellas.com
THE END
