Security access to BusinessObjects is approved and reviewed by Authorized Security Requestors (ASRs). The primary responsibility of the ASR is to ensure that the proper security administration controls are followed at their institution(s) in regard to the BusinessObjects role authorizations held by the institution’s employees. As such, an institution’s User Reviewer is responsible for conducting the quarterly access reviews required by System Enterprise Applications and reporting these results during the BusinessObjects Quarterly Review process.
Performing these regularly scheduled reviews is an important responsibility that provides real security to the A&M System enterprise applications and its employees. The review also provides demonstrable proof of the System’s due diligence in regard to security, which could be important in the event of an external audit or a major security incident.