TBR--IT--Procedures Manual

Table of Contents
Tennessee Board of Regents
Information Systems Department
Procedures Manual

SECTION ONE: ADMINISTRATION

TBR COMPUTING OBJECTIVES..................................................................................... 1

ADMINISTRATIVE GUIDELINES.................................................................................... 2

ORGANIZATIONAL STRUCTURE................................................................................... 2

EMPLOYMENT PROCEDURES........................................................................................ 3

PROCEDURE COMPLIANCE REPORTING..................................................................... 4

ANALYSIS OF DAMAGE POTENTIAL............................................................................ 4

AUTHORIZATION OF USE............................................................................................... 5

ANNUAL LEAVE............................................................................................................... 5

REQUEST FOR SERVICES................................................................................................ 6

OPERATIONAL HOURS.................................................................................................... 7

USER RESPONSIBILITY................................................................................................... 7

MANAGEMENT CONTROLS........................................................................................... 8

PRIORITY ESTABLISHMENT AND PROJECT APPROVAL.......................................... 9

REVIEW OF HARDWARE PERFORMANCE AND APPLICATION SYSTEMS............ 9

DOCUMENTATION REVIEW........................................................................................... 9

PRIVACY POLICIES.......................................................................................................... 9

SECTION TWO: COMPUTER CENTER OPERATIONS

THREAT OF FIRE............................................................................................................ 10

COMPUTER CENTER EMERGENCY EQUIPMENT..................................................... 10

COMPUTER CENTER SECURITY.................................................................................. 11

ENVIRONMENT.............................................................................................................. 12

COMPUTER CENTER HOUSEKEEPING....................................................................... 12

COMPUTER EQUIPMENT MAINTENANCE................................................................. 13

TAPE LIBRARY................................................................................................................ 13

HARDWARE/SOFTWARE CHANGES............................................................................ 14

SECTION THREE: DISASTER PLANNING

CONTINGENCY PLANNING........................................................................................ 14

DISASTER RECOVERY................................................................................................... 15

SECTION FOUR: SYSTEMS DESIGN AND PROGRAMMING

INTRODUCTION TO SYSTEM DESIGN AND PROGRAMMING.............................. 16

WHY DO WE NEED DOCUMENTATION?.................................................................... 17

SYSTEM NARRATIVE..................................................................................................... 18

SYSTEM MANAGEMENT............................................................................................... 18

DATA DESCRIPTIONS.................................................................................................... 19

DATA PREPARATION..................................................................................................... 20

FILE SPECIFICATIONS................................................................................................... 21

PROGRAM SPECIFICATIONS....................................................................................... 21

PROGRAM MODIFICATIONS........................................................................................ 22

Table of Contents Continued

Tennessee Board of Regents

Information Systems Department

Procedures Manual

REPORTS.......................................................................................................................... 23

USER PROCEDURES....................................................................................................... 24

PROGRAMMING STANDARDS..................................................................................... 24

MANUALS........................................................................................................................ 28

SYSTEM TEST.................................................................................................................. 29

SYSTEMS PROGRAMMING........................................................................................... 32

PROJECT MANAGEMENT.............................................................................................. 33

SYSTEM DEVELOPMENT.............................................................................................. 35

OPERATIONS PROCEDURES........................................................................................ 40

Section One: Administration

TBR COMPUTING OBJECTIVES

In support of its primary purpose, the Information Systems department of the Tennessee Board of Regents has developed the following computing objectives.

1. Computer resource utilization must assist the TBR staff in achieving its goals and it should not be regarded as a means unto itself.

2. Computing resources are to be utilized where economically feasible to do so and only when it is beneficial to the Board.

3. The computing facilities provided should be regarded as a Board resource for the total Board staff to avail themselves of.

4. Similarly, computerized data should be viewed as a major TBR resource and the use of computing is seen as a means to satisfy user needs for data and related information where possible. There is, however, an obligation to observe overall Board policy toward the availability of such data.

5. Users should have a voice in determining the allocation of computing resources to be utilized with the Chancellor having the final authority and responsibility for their use.

6. The operation of the computer and software systems must adhere to Federal and State laws. Similarly, these operations should conform to good standards and practices associated with providing data processing services.

7. TBR staff will conform to policy, procedures, and guidelines for the operation of computing resources, as specified by the governing body (Board), Chancellor, and/or Division of State Audit.

8. TBR is committed to the approach of developing a Management Information System by using IA software and other software to provide the resources and methods which will satisfy the administrative needs of the TBR staff.

9. Where feasible, the direct utilization of the computer resources should be delegated to the user and/or user department but, will not include programming languages such as COBOL. It is the responsibility of the office of Information Systems to provide programming support for all offices.

10. Good rapport with computer centers of our institutions, other educational and area computer centers should be maintained with the objective of providing channels of open communication for free flow of data processing information and for possible support.

11. The staff of Information Systems is to support the institutions in any modification and release of Information Associates software on DEC hardware. However, this support should not be at level where it would affect the TBR functions.

1‑1 ADMINISTRATIVE GUIDELINES

The role of Information Systems is to serve the institutions and TBR Administrative Users in a matter to ensure optimum utilization of the data processing resources.

This is to be accomplished by the following guidelines:

A. Scheduling of routine daily jobs will be the responsibility of the computer programmer(s). In the event of a conflict, the Assistant Vice Chancellor for Information Systems or his designated representative may establish the priorities. The Vice Chancellor may be consulted if the conflict can not be resolved to the satisfaction of the affected user.

B. Each user is responsible for requesting program changes. These changes should be requested as far in advance as possible to provide for adequate scheduling and allow for completion and testing of the change.

C. Each system development or major modification project will be evaluated by the Director of Computer Services and scheduled based on priorities set by the Assistant Vice Chancellor for Information Systems.

1‑2 ORGANIZATIONAL STRUCTURE

The organizational structure of the Information Systems will be such as to provide maximum service to all users within the resources available and the limitations imposed for the separation of duties and responsibilities.

A. The organizational structure of Information Systems must clearly separate (as much as possible) the functions of systems design, programming, and computer operations.

B. The Information Systems is an integral part of the Information Technologies and the Assistant Vice Chancellor for Information Systems reports to the Vice Chancellor for Information Technologies.

C. The Information Systems organizational chart and the location of Information Systems in the TBR organizational structure of the department based on functional guidelines and its reporting relationships.

1‑3 EMPLOYMENT PROCEDURES ‑ EVALUATION AND TERMINATION

Employment procedures will comply with the policies of the Tennessee Board of Regents and the laws of the State of Tennessee. Affirmative action and equal opportunity guidelines will be followed. In addition, the following guidelines will apply:

A. Since Information Systems personnel deal with critical data files containing confidential information, the successful candidate for all positions must be honest, trustworthy, and have a sense of responsibility.

B. An individual's dedication and commitment to the TBR must be evaluated. Personnel turnover must be maintained at the lowest practical level.

C. Professional and character references will be required and checked before employment.

D. Transcripts will be required and checked before employment.

E. Prospective employees will be interviewed by as many employees of Information Systems as possible.

F. Prospective employees will be informed of the job description, work conditions and restrictions, vacation and leave policies, benefits, and other personnel matters policies relative to their work.

G. Prospective employees will be informed that they will be on probationary status for six months. If their performance is not satisfactory, they may be terminated at any time during the probationary period.

Personnel Evaluation

All employees will be evaluated at the end of the fiscal year by the Assistant Vice Chancellor for Information Systems and/or Director of Computer Services. The evaluation process will provide time for two‑way discussion and processes of appeal shall also be available.

Employee Termination

For employee termination, the Office of Information Systems will comply with the TBR policies as covered in the TBR Policy Manual section 5.

In‑Service Education

Each employee will be kept informed of the changes and standards and procedures, computer policies, hardware changes, personnel regulations and organizational changes as they relate to his/her job. It is the responsibility of all supervisors that their employees must follow all standards and procedures as they apply to the individual employee.

1‑4 PROCEDURE COMPLIANCE REPORTING

It is the responsibility of the Assistant Vice Chancellor for Information Systems and other staff within Information Systems to insure compliance with The Standards and Procedures Manual.

A. The Director of Computer Services will periodically review staff members' work to insure compliance with Standards and Procedures.

B. The Director of Computer Services will periodically review the procedures of the on‑line users and make recommendations to encourage the security of the data and network.

C. Noncompliance with the Standards and Procedures manual must be corrected immediately. Continued violations will be reported to the Assistant Vice Chancellor for Information Systems.

1‑5 ANALYSIS OF DAMAGE POTENTIAL

Systems utilization will be continuously monitored to protect against any situations which have the potential for loss, embarrassment or litigation to the TBR or State.

A. The Assistant Vice Chancellor for Information Systems along with other staff will monitor all data processing resources in an effort to detect and prevent any of the following:

1. Unauthorized use of the computing resources

2. Unlawful use of computing resources

3. Interference with other users of the resource or monopolizing the available resources to the extent of denying other fair access

4. Unauthorized disclosure, modification, or destruction of data files, reports, source programs, and documentation manuals.

B. The Assistant Vice Chancellor for Information Systems will report all violations to the Vice Chancellor for Business and Finance.

C. If violations should occur the situation will be analyzed and action taken to neutralize the potential of its recurrence.

D. In an effort to check on any unauthorized use of computing resources, the System Manager will review weekly the following report and notify Director of Computer Services and/or Assistant Vice Chancellor for Information Systems in case of an exception.

Operator log ‑ a check is also made of the operator log for possible problems. If problems such as Security Alarm File Access Failures are noted, a check is made of these.

SYS530R - User Authorization Exception report identifying the user accounts with typical characteristics such as log failures and inactivity.

1‑6 AUTHORIZATION OF USE

Use of the computing resource will be authorized if utilization is in compliance with the goals of the TBR office and proper approvals are obtained.

A. Any use of the computing facilities contrary to the guidelines "Use of VAX/VMS Computer System" may be termed misuse and appropriate action will be taken.

B. Software development by any TBR staff or any authorized person on TBR time or equipment becomes the property of the Board. Any exception to this must be requested in writing and approved by the Vice Chancellor of Business and Finance or his designated representative. If the proper authorizations are not obtained, disciplinary action may be taken by the chancellor.

1‑7 ANNUAL LEAVE

The purpose of annual leave is to provide all regular full‑time and part‑time employees with regular periods of rest and relaxation away from the work environment. The appropriate approving authority may require key administrative employees to take a certain number of consecutive days of annual leave each year.

All personnel entitled to accrue annual leave may request use of annual leave at any time preferred by application to their proper approving authority. Such requests are subject to the discretion of the approving authority, who is responsible for planning the work under his or her control, and should be approved only at such times as the employee can best be spared.

In an effort to plan the work in Information Systems, Information Systems employees are requested to use the following as a guide when requesting leave.

A. Annual leave for one or two days can be requested with a minimum notice.

B. Annual leave for three to five days can be requested with a minimum of five working days notice.

C. Annual leave in excess of five days can be requested with a minimum of ten working days notice.

D. In the event of conflicts between two personnel requesting leave within the same time period, it will normally be resolved by granting the request of the employee with the most accumulated annual and compensatory (when applicable) hours. The next request will then be considered.

E. Annual leave for emergencies may be requested with a minimum notice and is not restricted to the above.

F. Timekeeping Record form must be filled by all employees regardless of their classification at the end of each month. This form reflects only the days the employee is absent due to some reason and indicates the type of leave and number of hours used. The record as reflected in this form should be verified by the designated timekeeper and also requires the signature of the employee's immediate supervisor.

1‑8 REQUEST FOR SERVICES

Problem Reporting

A user experiencing a problem with any software should fill out a work order request and forward to the Director of Computer Services for for approval and assignment. The analyst/programmer will determine the problem and inform the user of an interim solution if possible. He/she will document the solution or process and notify the user and have the form signed by the Director of Computer Services.

Program Modification and Addition

The following steps are to be followed for system modification and additions.

A. Upon receipt of a Computer Services Work Order Form the analyst in charge of the system along with the Assistant Vice Chancellor of Information Systems and/or Director of Computer Services will review the request. Should the request be considered a major modification (would require more than 10 days of effort) or should there be a need of additional information, the department (requester) will be asked to supply the information.

B. Upon completion of the project, the analyst/programmer in charge of the system will verify that the specifications have been met before the program is released to the user.

Internal Departmental Services Request

When Information Systems personnel perceives a need of the TBR not observed by user departments or offices, or where the department perceives a need which may enhance its own operation, it may originate a work order in order to perform the task.

New System and Major Modifications to Existing Systems

A. Upon receipt of a Computer Services Work Order Form, the Director of Computer Services will review the request and assign an analyst to the project to conduct the study etc. It is to be understood that this study should include hardware as well as software considerations.

B. Upon assignment of staff to conduct the study, a work order number will be assigned and a study will be initiated.

C. Meetings as required will be held during the system study process in an effort to keep the user informed and to get additional information as required.

D. After completion of the project and having verified that the system specifications have been met Information Systems will release the system/programs to the user.

1‑9 OPERATIONAL HOURS

The Information Systems office provides continuous operation of the VAX 6330 computer. The only interruption is downtime due to problems, scheduled downtime to update software, and scheduled preventive maintenance services performed by Digital once every three months. Whenever possible, as much time as feasible will be given to users warning them of impending system shutdowns.

1‑10 USER RESPONSIBILITY

In serving the user there are certain responsibilities that Information Systems and the user must assume. The following is an itemization of these responsibilities and/or indication to whom they belong.

A. Information Systems will make every attempt to insure accuracy of the work by programming diagnostics, spot checking, testing, and editing. In most work, test runs should be reviewed by the user before production runs are made.

B. As the final authority, it is the user's responsibility for the accuracy of the work.

C. It shall be the user's responsibility to ensure safe keeping and disposal of all listings after they leave the center. It shall be the responsibility of the computer center to insure the safe keeping and disposal of all listings that do not leave the center.

D. The user should make every attempt to give a sufficient lead time for critical processing to take into account the possibility of equipment malfunction, power failure, or system crash.

E. The Information Systems staff will make every attempt to schedule the computer center operation so as to meet user deadlines.

F. The Information Systems staff will inform the user promptly of any system malfunction that will impact a critical deadline.

1‑11 MANAGEMENT CONTROLS

It is the responsibility of Assistant Vice Chancellor for Information Systems that adequate controls are exercised to insure that the objectives of the Information Systems Department are achieved and maintained.

A. Sufficient checks and cross checks are done to insure that accuracy requirements are maintained to assure user satisfaction.

B. Schedule the work so that all deadlines will be met in a routine and timely fashion. Check points should be established for all critical time frames so that alternate corrective action may be taken if needed.

C. The Information Systems expenditures should be monitored continuously to insure that uninterrupted operation can be maintained for the entire fiscal year.

D. Inventories of supplies should be maintained and closely monitored to insure uninterrupted operation.

E. A weekly/monthly report will be produced detailing the following:

1) Computer Center Work Order Report (JAS560)

2) Personnel Allocation by Function (JAS540)

3) TBR Time Report (JAS530)

4) Outstanding Work Orders (JAS330)

1‑12 PRIORITY ESTABLISHMENT AND PROJECT APPROVAL

A list of new applications and proposed changes to existing applications will be established each year as part of the MBO process.

The Assistant Vice Chancellor for Information Systems/Director of Computer Services will hold review and planning meetings with the department staff as needed. Current operations and projects are reviewed and detailed plans are made for the coming months. Any conflicting deadlines which cannot be met due to lack of resources will be noted and turned over to the Vice Chancellor of Business and Finance for resolution.

1‑13 REVIEW OF HARDWARE PERFORMANCE AND APPLICATION SYSTEMS

The Assistant Vice Chancellor for Information Systems is responsible for review of the effective and efficient use of the hardware and software systems. Regular reviews of statistics of hardware efficiency of application systems will be conducted.

1‑14 DOCUMENTATION REVIEW

All Information Systems documentation should be reviewed periodically to ensure accuracy and validity of content.

A. The Data Processing Standards and Procedures Manual will be reviewed annually and revised as needed.

B. The Assistant Vice Chancellor for Information Systems will review all new and revised documentation for final approval before distribution.

C. Systems, users, and operations documentation will be revised as needed when modifications are required and/or made to a given system.

1‑15 PRIVACY POLICIES