When was the last time you reviewed your SCM and Director security?
By Paul Richardson, Senior Consultant
RLR Management Consulting, Inc.
Function codes in the Security Control Module (SCM) often change as new releases are delivered from Fiserv. If you are using SCM groups, overrides at the user level are sometimes necessary but it is very easy to overlook these overrides when an end user changes positions. This can cause a toxic combination of access for users and potentially open the bank to additional risk. A common example of this is temporary role changes. A teller might be asked to step in and perform a file maintenance project, access is given as an override at the user level, but the access isn’t removed after the project.
Director security can bring another set of challenges and often doesn’t sync up to SCM access. Inconsistencies such as a user having access to DDA System reports in Director but no access to DDA in Navigator. Another example is when users are restricted from looking at employee accounts in Navigator, but those users can find the information in the Director reports.
RLR can assist in reviewing the security parameters, provide best practices, User to Access code conversions, SCM Group setup and technical advice. Please contact Paul Richardson for additional information at [email protected].