Policy Management 
    
    Dec 07, 2025  
HELP
Policy Management
Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Personal Catalog (opens a new window)

DG 1.06pr - Data Security Access : ctcLink Role Assignment - Segregation of Duties

SUMMARY/SCOPE
Segregation of Duties within the ctcLink system of record must be enforced. Any exceptions must be documented, approved, and monitored.

DESCRIPTION
Edmonds College closely monitors SOD within the ctcLink system of record to mitigate the risk of fraud, errors, and unauthorized access by ensuring that no single individual has complete control over a transaction or process, and that employees have access equating to no more/no less access than they need to complete their job functions as described in their Official Position Description. This procedure promotes accountability, prevents conflicts of interest, and strengthens internal controls. Edmonds College adheres to the Washington State Auditors’s Segregation of Duties Essential Internal Controls document, and follows the procedures outlined in ctcLink Security Audit Quick Reference Guide published by the Washington State Board for Community and Technical Colleges.

PROCEDURE DETAILS
Access to roles in ctcLink must, where possible, avoid giving conflicting access in these types of transactions:

  • Authorization: The approval or initiation of transactions.
  • Custody: The physical handling or possession of assets.
  • Reconciliation: The comparison of records to verify accuracy.

Best practice is that no single person should have control over more than one of these functions; however, no single person will have control over all three functions without an approved exception.

Exceptions:

In certain circumstances, it may be necessary to deviate from the segregation of duties principles. These exceptions will be carefully evaluated and documented to minimize risks. Employees, supervisors, and their respective PLT members will confirm exceptions with the Edmonds College Segregation of Duties Exception Acknowledgement form. Any exception for a PLT member must be granted by the President.

The IT ctcLink Security Team will review role conflict assignments at least annually and request supervisory re-confirmation. A list of role conflicts will be given to processors to address. No exceptions will be given where one employee would approve their own transactions, financial or otherwise. Employees who have moved positions within the college will trigger the security team to remove SOD role conflicts, if applicable, based on a new position description for the individual, or reaffirm the approval of the conflicts by new supervisors and executive leadership (respective PLT member). Annual role audits for the entire college will also be conducted.

RELATED POLICIES AND PROCEDURES
DG 1.0 Data Governance   
DG 1.02pr Data Security/Access  

SOURCE INFORMATION
Office of the Washington State Auditor: Segregation of Duties; Essential Internal Controls
ctcLink Reference Center: ctcLink Security Audit
Segregation of Duties Query - Finance
Segregation of Duties Query - HCM
Segregation of Duties Query - Campus Solutions
WaTech Access Control Policy

CONTENT OWNER. The primary responsibility for this policy belongs to:
Chief Information Officer

PRIMARY CONTENT CONTRIBUTOR (Director/Dean)
ctcLink Director/ctcLink Security Team

REVIEW PERIOD
Annually. Requires President’s Leadership Team approval.

REVIEW HISTORY
2025-Sept 22  Approved and adopted by President’s Leadership Team


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Personal Catalog (opens a new window)
Catalog Navigation
  Catalog Home
  Policy and Procedure Search
  My Personal Catalog