MISSION: Northland Pioneer College provides educational excellence that is affordable and accessible for the enrichment of communities across northeastern Arizona.

Auditing User Account Activity

Procedure 2211

AUDITING USER ACCOUNT ACTIVITY 

Procedure 2211 

Proposer: Michael Jacob 

Section: 2200s – Technology Advancement & Support 

Last Review Date: 06/25 

Responsible Area: Technology Advancement & Support 

Effective Date: 09/10/25 

Policy/policies the procedure is based on: 1138 

 

Procedures that may be impacted by revisions: List any procedures to check when revising. 

Revision History: 8/30/2019; 10/02/2023, 03/06/25 

1.0 Scope

The procedure applies to all regular and administrative users of the Enterprise Resource Planning [ERP] system (Jenzabar CX).

2.0 Purpose

This procedure outlines how Northland Pioneer College [NPC] shall monitor system access for unusual or suspicious activity to protect data from the risk of theft, manipulation, or misuse of financial, sensitive, or confidential information from unauthorized access and user behavior

3.0 Definitions

3.1 Enterprise Resource Planning [ERP] system – Higher education ERP systems manage and automate workflows at colleges and universities. They standardize and streamline the flow of information between all business functions and departments within an institution. This is made possible by the ERP combining the functionality of multiple systems such as a Student Information Systems [SIS], school administration software, human resources, and financial management. NPC’s current ERP is Jenzabar CX.

4.0 Procedure

4.1 Monitoring User Activity of Administrative User Accounts

The Director of Enterprise and Data Systems or Designee needs to be able to correlate all super user activity in logs.

The SUSE Linux server that hosts Jenzabar CX, maintains a list of 'super users' in a file. When a user that is included in this file attempts to execute a command as a substitute user, the attempted command is logged in a separate file. These records are imported into the Jenzabar database on a regular basis. The records are included in a report, which is used for performing audits of substitute user commands. Additionally, a log of failed Jenzabar CX login attempts is emailed daily.

4.2 Annual Review of User Activities

Supervisors shall review and confirm employee access rights annually to ensure alignment with job functions. The Director of Enterprise and Data Systems or Designee will provide supervisors with a list of assigned access rights. Supervisors must verify accuracy, request necessary adjustments, and report findings to the Technology Advancement and Support [TAS] division who will implement approved changes to maintain security and compliance.

5.0 Inquiries

Direct inquiries about this procedure to: Chief Information Officer [CIO]