GAIL System Access and Security Policies

Tags GAIL

Table of Contents

  1. User Access
    1. Obtaining User Access
    2. Closing User Accounts
    3. Mobile Access
  2. Security Levels
    1. Requesting and Maintaining Query Access
  3. Training
  4. Requesting Data
    1. Alumni Requesting Their Own Data
    2. GAIL User Requesting Data Lists
    3. Non-GAIL User (UGA Employee) Requesting Data Lists
    4. Non-UGA Employee Requesting Data Lists (Usually a Volunteer)
    5. Outside Vendor Requesting Data Lists for Solicitation
    6. Outside Vendor Requesting Data Lists for Printing Only (No Design or Consulting Work)
    7. Campus Mail Processing Data Lists for Printing/Mailing Only
    8. Authorized Royalty Contracts
    9. Non-University Entities Marketing Their Own Product or Services
  5. Data Standards
    1. Current Student
    2. Alumni
    3. Matriculate
    4. Faculty/Staff
    5. Solicit Codes
    6. Education
    7. Expiration Date on Communication Code
  6. E-Mail Usage
  7. Reporting Issues or Making Suggestions

User Access

Only UGA employees with a need for the information within GAIL to fulfill their employment responsibilities shall be granted access once all requirements noted in Policy 6. “System Access, Security, and Compliance” are met.

Obtaining User Access

GAIL users must be an employee or student employee for UGA. To obtain access to GAIL, individuals must submit a request by following this link. The form includes a non-disclosure agreement and must be signed by the supervisor of the employee requesting the access. The user must have a myID through EITS before being considered for access. Once access is approved, new users must complete a basic training course. To view or schedule training, visit the GAIL training site (https://support.dar.uga.edu/GAIL/access/).

Closing User Accounts

User accounts will be closed per Board of Regents requirements within five business days of an employee transfer, retirement, or termination.  In the case of a transfer, the employee may re-apply for access by completing the request form and submitting it with their new supervisor’s signature.  The need for training will be reviewed on a case-by-case basis.  If a similar job function is performed then no training may be required.  If job functions change significantly, then the training group reserves the right to require appropriate training on the system function before the user is granted access.

User accounts will also be closed if no sign-in occurs within six months.  This ensures access to the system is limited to employees who have a legitimate need as part of their regular job functions.  Access will be removed automatically and employees may request reactivation through normal channels.  If more than one-year has lapsed since the last sign-on then the employee will need to fulfill training requirements.

Mobile Access

Mobile access to the GAIL application is available through a secure connection.  When logged in to the GAIL using a mobile device, authorized users are connected to a highly secure, encrypted environment that does not require a separate connection.  Simply pick the “Mobilize” option from the GAIL login screen.  When traveling or not on a secure connection, use the EITS provided Virtual Private Network (VPN).  Instructions for establishing a VPN on your device can be found at http://eits.uga.edu/access_and_security/infosec/tools/vpn.  GAIL will not open unless the mobile or desktop device being used is accessing the database through a secure connection.

All mobile devices which have advanced html (html 5.0 or higher) browser capabilities are supported.

 

Security Levels

Access to GAIL will be granted based on the role the employee performs at the University.  The security policy is designed to empower users to complete their tasks from beginning to the end within the system where possible.  This provides a single source of data for all campus users, decreases the training needed when moving within the university, tracks interactions with constituents, and maintains data security.

Views will depend on the constituent type, information contained within the record, and the device used to access the system.  A constituent type, such as an individual or organization, will change the screens which is necessary to work with a specific record.  If a constituent has earned recognition club levels then other screens will be displayed.  If selected, GAIL provides a limited view which can be used on mobile devices and which limits options based on screen size (a user may also view the entire system, but displays are not re-calibrate for smaller screens.)

Security roles are assigned and maintained by Advancement Services in the Division of Development and Alumni Relations.  They will assign the appropriate role based on an employee’s job function and data access needs.

Major Security Roles Available:

  • View Only – User has the right to view information in the system but cannot update or pull any information out of the system through electronic means. Access requires a “Confidentiality Agreement”, and the successful completion of “View Only” training through either in-person or online classes.
  • Update – User may update constituent biographical information, prospect plans (if applicable), events (if applicable), acknowledgements, correspondence notes or letters, and volunteer information. Access requires a “Confidentiality Agreement”, “View-only” training, and advanced training based on the employee’s job responsibilities.
  • Events -Enables the user to update information within the events module. Special event module training is required for this level of access.
  • View Query – This role may be granted to any role for an employee requiring the ability to run or output query information. No new queries can be created with this role.
  • Query – This role has a limit of two people within each unit which have a need to do data modeling and reporting. These users must come to monthly meetings for ongoing training and updates on using this portion of the database.
  • Membership Access – Employees needing access to the membership module of the database may have access to develop programs and assign members as payments come in. This module should be used for all membership programs on campus in which payments are processed through the University of Georgia Foundation.
  • Gift Receiving Roles – Multiple roles designed for the Gift Accounting group to allow entry of gifts and assets which will be passed to the financials. The Gift Accounting Department within Financial Services is the only group which may commit revenue within GAIL.
  • Research Roles – Multiple roles within the research group to facilitate workflow needed in the Research Department.
  • Web – Advanced role which allows units to update web components with the public facing Internet component of GAIL.
  • Email Services User – Role designed for employees who need to use the e-mail component of the Internet application. Used for sending newsletters and tracking communication in the system.

Requesting and maintaining Query Access

To request query access in GAIL, all requests must be made to the Analytics and Reporting Manager by sending an email to askit@uga.edu and coping the requestor’s supervisor on the request. Please include a justification for the need for access. The request will then be reviewed to determine if query access is needed or if another access level is more appropriate. If access is determined to be needed, access will not be granted until attendance of a query training session has been completed.

Once access is granted, users will need to have created or modified at least 1 query within a 6 month period to retain query ability. If these actions are not taken in the specified time period, query access will be removed and replaced with “View Query” only access. Additionally, users with query access will be required to attend at least 1 “update” session a year. Failure to attend an “update” will result in query access being removed and replaced with “View Query” access. In order to regain query access in either case the user must attend a “refresher/update” query training session before access will be restored.

The central Analytics and Reporting team will be responsible for compliance with this policy.

 

Training

The Advancement Services Training Department will handle all view only training related to the GAIL system and help schedule all advanced training.  They will provide in-person (classroom and personal), written, and online training materials.  All training updates and schedules can be found on the department’s website (https://dar.uga.edu/gail).  The training staff is designed to help campus units integrate their business processes with the system.  When system changes are needed to address employee concerns, this group will analyze the needs of the University as a whole with the resources available and direct any changes.  In addition, this training group helps set the security role access needed by each user of the system.

 

Requesting Data

Requests for alumni data may come from many different sources. This section is divided into the requesting/receiving source of each data request. All data lists outside the system, including “directory information”, should be considered sensitive information. All data must be properly destroyed (paper form) or deleted immediately after the project is completed or at the end of two weeks from receipt of the data file, whichever is the shorter timeframe.

 

Alumni Requesting their own data

GAIL provides a public networking portal for Alumni to view/update biographical data, view their giving information, update payment methods, view pledge balances, make notes to alumni records, and query alumni through an electronic directory. To request access to the public portal, submit an access request through https://gail.uga.edu/ by completing a short biographical update. The submission will request address, phone, e-mail, and graduation year information. The records group will analyze the data to ensure the user is and alumnus/alumnae of the university and send a welcome ID to the e-mail address on file. This process may take up to two business days. Once access to the system is granted, alumni can login and view data at their leisure.

 

GAIL User requesting Data Lists

All requests for data lists must go through askit@uga.edu or the unit’s representative for the query group (if applicable). An e-mail to askit@uga.edu will create a ticket and the request will be assigned to the appropriate report writers. All requests for data will be completed and provided within the application. Example: If a unit requests a selection of alumni to be invited to an event, the reporting group will create a selection and provide that selection name to the user. It is then the user’s responsibility to utilize the events module to execute his communication. This process provides several key objectives: 1) keeps the information secure within the application. 2) marks each constituent record as being invited to the event, solicited, and/or delineates individual interactions, 3) allows web developers to put the event on the web

for registration, 4) provides the designation for which funds will be deposited, 5) allows for registration to the event through the system, and 6) gives the Foundation a holistic view of the events to which constituents are invited.

Exception: Development Officers, defined as constituent code of “fundraiser” in GAIL, can request data lists from the system with contact information included. These lists are for their use only and may not be shared with any other users. In addition, requests must be made for prospecting purposes only and should not be used for events or other marketing purposes (Prospect Review and/or Call List). They will receive the file as an extract from the system and must destroy any locally saved downloads within two weeks of extraction. Once built, these extracts can be re-run when needed by the user.

 

Non-GAIL User (UGA Employee) Requesting Data Lists

A UGA employee that is not an authorized GAIL user may have a need for data from the system. An authorized GAIL user may supply data on these conditions: 1) ensure a non-disclosure form has been signed with that employee (found on the document tab of the constituent record of the requestor) (http://www.dar.uga.edu/gail_support_docs/Non-Disclosure_Person.pdf), 2) send all communication through the secure SendFiles application supported by EITS (http://wiki.eits.uga.edu/help/index.php/SendFiles), and 3) ensure the data is discarded immediately after the project is completed or in two weeks whichever timeframe is shorter.

An example of this type of request is: A professor needs an alumni list for their department to conduct a survey. In general, the professor has no business need for the information in GAIL but from time-to-time wants to utilize the data. A GAIL user authorized to write queries, can then create and export the requested data assuming the two conditions above have been met. This allows for the use of data by employees on campus and can be serviced by local GAIL users.

 

Non-UGA Employee Requesting Data Lists (Usually a Volunteer)

A non-employee may acquire data from the GAIL system on these conditions: 1) completion of a non-disclosure form(found on the document tab of the constituent record of the requestor) has been signed with that non-employee (http://www.dar.uga.edu/gail_support_docs/Non-Disclosure_Person.pdf), 2) send all communication through the secure SendFiles application supported by EITS (http://wiki.eits.uga.edu/help/index.php/SendFiles), and 3) ensure the data is discarded immediately after the project is complete or two weeks from receiving the data file, whichever timeframe is shorter. Once data is retrieved from the system, it is the responsibility of the person with access to ensure the data remains secure. The UGA employee providing the data must follow-up with the non-employee to ensure the data has been destroyed by the end of the project or two weeks after receiving the data, whichever comes first.

An example of this type of request is: If a GAIL user is enlisting the help of a volunteer and wishes to send contact information to the volunteer, the GAIL user must ensure the security steps above are followed before handing out any information. Volunteers may include political advisory groups, corporate alumni groups, alumni chapters, etc.

 

Outside Vendor Requesting Data Lists for Solicitation

The University of Georgia or the UGA Foundation may, from time to time, contract with third parties to communicate with alumni, solicit potential donors, or screen data on behalf of the University or one of its units. The University of Georgia Foundation protects alumni information and limits use of this data. Employees may not disseminate information from the database to outside entities without the express written consent of the Division of Development and Alumni Relations. For a Non-University Entity to receive data they must:

  1. Complete a formal contract which stipulates how they will use the information, when they will use it, if they are registered to solicit in each state, and when they will destroy the information. Third party vendors must register with the University of Georgia Foundation in all states in which they wish to solicit and that require State Solicitation Registration. (See State Solicitation Registration section below).
  2. Sign a Non-Disclosure Agreement which in which the vendor assumes all liability (Personal and Company documents separate) and absolves the University of Georgia and the University of Georgia Foundation of any and all liability.
  3. Must adhere to all UGA and Foundation rules in regard to using the information.
  4. Files must be sent through the secure SendFiles program (http://wiki.eits.uga.edu/help/index.php/SendFiles) to ensure adequate encryption.
  5. The contracting vendor and employees will remain responsible for enforcing the rules of the contract. (Example: If the UGA Alumni Association contracts with an outside vendor then they (the Alumni Association) will run the updated query when needed and provide the information. The Alumni Association will also ensure the vendor is adhering to the terms of the agreement in use and destruction of information).

 

Outside Vendor Requesting Data Lists for Printing Only (No Design or Consulting Work)

The University of Georgia/Foundation protects alumni information and limits the use of this data. Employees may not disseminate information from the database to outside entities without the express written consent of the Division of Development and Alumni Relations. An example of this type of request is: A GAIL user creates an event through the event module and is ready to send their export list to their printing and mailing vendor. Before they can send the contact information to the vendor, the GAIL user must adhere to the security requirements below.

For a Non-University Entity to receive data they must:

  1. Sign a Non-Disclosure Agreement in which the vendor assumes all liability (Personal and Company documents separate) and absolves the University of Georgia and the University of Georgia Foundation of any and all liability.
  2. Must adhere to all UGA and Foundation rules in regard to using the information.
  3. Files must be sent through the secure SendFiles program (http://wiki.eits.uga.edu/help/index.php/SendFiles) to ensure adequate encryption.
  4. Employee will remain responsible for enforcing the rules of the Foundation. The employee will also ensure the vendor is adhering to terms of the agreement in use and destruction of information.

 

Campus Mail Processing Data Lists for Printing/Mailing Only

UGA Campus Mail does not need to submit a formal non-disclosure agreement.

 

Authorized Royalty Contracts

The UGA Foundation has the authority to enter into contracts with outside vendors for the generation of royalty revenue from the sale of trademark materials. These contracts are exclusive and limited based on approval from the university. Distribution of revenues are based on royalty terms.

 

Non-University Entities Marketing Their Own Product or Services

Individuals and organizations external to the University often request access to alumni data lists in order to market their own products or services. These offers may be in the form of a sponsorship, fee for data, or some other reciprocal arrangement. The University of Georgia places a high value on its reputation, and the Division of Development and Alumni Relations aims to be a responsible steward of alumni contact information. Selling of alumni data lists are strictly forbidden.

 

Data Standards

Consistency in data entry is of primary importance to Advancement Services. When an inconsistency of entry is found, the Training Department will be notified to address the issue with the appropriate employee(s). If training attempts are made and the entry issues persist, Advancement Services has the right to revoke access to individuals who repeatedly go against entry standards. Entry standards will be continually updated on the GAIL training website http://www.alumni.uga.edu/gail as will training tools to help both visual and auditory learners.

 

Current Student

A current student is defined as an individual that is enrolled in a class as based on the last system upload from the student system.  GAIL is refreshed from the student system one month after each semester’s drop/add period.  A transfer file from the UGA student system is used to update the GAIL system at this point.  The files after the May semesters and summer semester are exceptions to this rule.  These files will add current students if they do not exist but will not remove current students if they are not enrolled in any of these semesters.

 

Alumni

The educational information for UGA and the Alumni indicator use the Registrar’s system as a source.  After each graduation student information is moved to the graduate database, thus including all new graduates in the alumni database. 

 

Matriculate

The matriculate flag is set whenever a current student is not included in the file from the student system and not in the Registrar’s graduation file.  They are assumed to no longer be a student.  Exceptions to this are the May and Summer semester student files.  These are not used to reset current student indicators.

 

Faculty/Staff

The Staff and Faculty indicators in GAIL are obtained by a quarterly download from the Human Resources system.  In some instances, the staff indicator must be added or removed on more frequent intervals so the Records staff has been granted access to accomplish this task when needs dictate.  HR is the custodian of this information in GAIL.

 

Solicit Codes

All users granted access to run queries, pull mailing lists, run direct marketing appeals, send out e-mails, and invite individuals to events will adhere to the appropriate “do not solicit” codes in the system.  GAIL has generic (apply to all University contact) and site (college/unit) specific codes.  All communication should include the appropriate codes for each instance.

 

Education

Education updates to individual records can only be done by the records department.  The education screens cannot have security limited to non-UGA degrees and the UGA degree information is owned by the Registrar’s office.  Given this, only the people with access to the Registrar’s information may edit the education information.  The Office of Gift and Alumni Information is the only group granted access to edit this information.  If a user wishes to obtain education information for a constituent, the user must send the data to askit@uga.edu so that it may be added to the system.  Expect two to three business days for this change to take place.

 

Expiration Date on Communication Code

All communication codes must have a three year maximum end date included with every entry.

 

E-Mail Usage

The Foundation does comply with the CAN-SPAM Act of 2003. All e-mail correspondence must comply with unsubscribe, content, and sending behavior outlined below:

  • Unsubscribe Compliance
    • A visible and operable unsubscribe mechanism is present in all emails.
    • Consumer opt-out requests are honored within 10 business days.
    • Opt-out lists, also known as Suppression lists, are only used for compliance purposes.
  • Content Compliance
    • Accurate “from” lines (including “Friendly froms”)
    • Relevant subject lines (relative to the offer in the email and not deceptive)
    • A legitimate physical address of the publisher and/or advertiser is present. P.O. Box addresses are acceptable in compliance with 16 C.F.R Section 316.2(p) and if the email is sent by a third party, the legitimate physical address of the entity, whose products or services are promoted through the email, should be visible.
  • Sending Behavior Compliance
    • A message cannot be sent through an open relay.
    • A message cannot be sent without an unsubscribe option.
    • A message cannot be sent to a harvested email address.
    • A message cannot contain a false header.
    • A message should contain at least one sentence.

 

Reporting Issues or Making Suggestions

Suggestions and the reporting of issues to first line support staff is easy and encouraged.  There are various ways to obtain support depending on how the user feels most comfortable reporting.  Below are lists of support options which all run through a single support system (AskIT) at the Foundation.  Support for GAIL encompasses both technical and business questions.  Business questions will be answered by SME’s while technical questions will be answered by internal IT staff.  Issues which require second line support by the application vendor will also be tracked from this system.  When interacting with support, the user will be supplied with a ticket number which can be used to track progress until the issue is resolved.

  1. Go directly to the AskIT system to log an issue https://dar.uga.edu/ugaticket/scp/login.php.  The ticketing system uses the myID and Password process to authenticate access.
  2. Send an e-mail to askit@uga.edu.  When an e-mail is sent to this account it automatically creates a ticket in the system.  The system monitor is prompted when new tickets arrive and routes issues to the appropriate person.  Responses sent through askit@uga.edu for the same issue will automatically be applied to the original ticket in the ticketing system.
  3. Call the support desk directly at 706-542-8188.  This phone is answered from 8 a.m. through 5 p.m. any business day in which the University of Georgia is open.  The support staff answering the phone will enter a ticket on the user’s behalf if needed or answer user questions directly.
Print Article