On/Off-Boarding FEWS NET Staff from Project Accounts
Updated November 25, 2020
As the provider of services to members of the larger FEWS NET team, the Hub is responsible for managing several accounts, applications, and platforms required by others in that team. Examples include:
The fews.net Domain email accounts;
The fews.net Content Management System (CMS) Permissions;
Hub-developed platforms such as the FEWS NET Data Warehouse (FDW) and FEWS NET Data Explorer (FDE); and
Commercial platforms, such as Mailchimp, Jira, and Hootsuite;
The FEWS NET Learning Platform (FLP)
To meet USAID compliance requirements and operate using best practices, the Hub institutes the following principles for coordinating account access across the FEWS NET project.
Each FEWS NET implementer is responsible for maintaining oversight of its users and notifying the Hub in a timely manner for both incoming and outgoing staff via the Helpdesk Portal.
Requests should include the systems or accounts that the incoming or outgoing staff member should have, or previously had access to.
The Hub will inform the user and supervising team member once the new account has been created. In the event of an account being decommissioned, the Hub will inform the supervising team member once the account is removed.
Security Implications
There are significant security implications and risks involved if an on-boarding and off-boarding account management policy is not implemented, especially as the FEWS NET program continues to grow and evolve into new phases. The following security risks exist to the FEWS NET project until an account management process is in place:
Offboarded and former staff could hold access to systems and data that are proprietary to the FEWS NET project;
Should former employees attempt to log onto project systems, it will likely be outside the company or project-installed firewall(s), exposing FEWS NET systems to potentially harmful outside intrusion;
There is greater risk for persons who were never FEWS NET staff to gain access to accounts of offboarded project staff if those members’ accounts are not disabled immediately following their departure from the project.
On-Boarding/Off-Boarding Process
In event of on-boarding new FEWS NET staff, a designated implementing partner team member shall complete a New User Request via the Helpdesk Portal with the following information:
Name
Title
Organization (i.e., USAID, Hub, Early Warning, Science, or Livelihoods Teams)
Email (can be corporate email, in case the request is for new fews.net address)
Phone Number
*Platforms/systems requested on behalf of the new user, which may include:
G Suite/email for fews.net accounts;
FDW;
FDE;
fews.net CMS (see Exchange page for more information);
Mailchimp;
Hootsuite;
Google Analytics;
Jira/Confluence
*Project-wide meetings (if required), hosted by the Hub unless otherwise noted:
Monthly Collaboration meeting;
Data Management Platform Sprint Demo meeting;
Data Management Platform Sprint Planning meeting;
Web Sprint Planning and Demo meeting;
Communications Working Group;
Data Stakeholders meeting (EW hosted);
FAOB (EW hosted);
Training sessions (EW hosted)
Distribution Lists to be added to (if applicable)
FDE/FDW Account Request Details (if applicable)
Once this information is received, Helpdesk staff will inform both the designated team member and the new staff member that the new account(s) is/are ready for use, and how to access it/them.
In event of off-boarding FEWS NET staff, a designated implementing partner team member shall complete a Decommission Account Request via the Helpdesk Portal, and include the following information:
Name;
Fews.net email;
Last day on FEWS NET project;
Systems the user had access to;
Distribution Lists to be removed from;
Project-wide meetings attended.
Once this information is received via the Helpdesk Portal, Helpdesk staff will make the necessary changes to the user’s accounts(s) and remove their access wherever appropriate.
Quarterly Review Audit Process
Every 30 days, user accounts across our systems will be scanned for activity. Accounts that have been inactive for 60 days will receive an email notification, recommending that they log into that account in order to preserve active status.
If the user does not log into an account within a 90-day period, that user will not have access to that account. That account will not be deleted, however. Should the user require access after 90 days, the user will be required to email Helpdesk@fews.net for re-activation.