Training for TEAM Local Security Managers

Training for TEAM Local Security Managers

The User Management Process

Updated 12/09

Page 2FTA Office of Program Management

Objectives• In order to have a secure overall process for user

management in TEAM. We need:– Standard practices– A method to ensure the quality of TEAM user information– Internal controls for staff access and authorization


Local Security Manager Responsibilities

• Setting up user accounts • Quarterly monitoring of TEAM users• Reset passwords for users assigned by your office• Ensure accurate completion, processing, and filing of

TEAM user access forms


Active Users

Active Users

Cost Center Name Cost Center Code Total Users

Office of Administration (TAD) 62000 42

Office of Chief Counsel (TCC) 63000 11

Office of Congressional Affairs (TCA) 64000 5

Office of Program Management (TPM) 65000 245

Office of Budget Policy (TBP) 66000 104

Office of Research & Innovation (TRI) 67000 301

Office of Civil Rights (TCR) 68000 32

Office of Planning & Environment (TPE) 71000 32

Lower Manhattan Recovery Office (LMRO) 72000 23

Region 1Cambridge MA TRO1 78100 329

Region 2 New York NY TRO2 78200 401

Region 3 Philadelphia PA TRO3 78300 560

Region 4 Atlanta GA TRO4 78400 1914

Region 5 Chicago IL TRO5 78500 974

Region 6 Arlington TX TRO6 78600 563

Region 7 Kansas City MO TRO7 78700 194

Region 8 Lakewood CO TRO8 78800 211

Region 9 Sanfrancisco CA TRO9 78900 893

Region 10 Seattle WA TRO10 79000 789

Grand Total 7623


The TEAM User Access Forms• Package location:

– TEAM Home Page, FTANet, and FTA Public Website– FTA Net:

http://ftateamweb.fta.dot.gov/static/Guidance-HQ/TEAM%20User%20Access%20Forms%20and%20Instructions.pdf

• Includes 2 Forms:– Staff/Contractor/Auditor– Grantee/Recipient

• Includes Complete instructions:– Which form to use– Where completed forms go for processing– What additional documents may be needed– What Authorizations may be necessary


Point of Contact

• In the TEAM User Access Form Instructions

• Listed on the TEAM Home Page

http://ftateamweb.fta.dot.gov/frames.htm


Staff Access• All staff access forms to TEAM should be signed by their supervisor

• Special access to job-specific functions should be signed by a HQ representative for that function (Authorizations for Special Functions, page 18)

– Budget Functions– Legal Signoff– Civil Rights Functions– PIN Number for Obligation Activities, Earmark Management, etc– Accounting functions


Contractor Access• Contractors acting as FTA staff who require access to

TEAM MUST be Authorized by their Contracting Program Manager.– Example:

• Triennial Review Contractor must be Authorized by Triennial Review Program Manager and FTA approving official


Auditor Access• Auditors who require access to TEAM MUST be

Authorized by the FTA Audit Liaison in TBP.

• This access should be promptly removed when audit activities are complete.


Grantee Access• Ensure that Grantee are authorized to have the functions that they

are requesting

• Have the grant manager sign off to verify identity

• Make sure ‘Designation of Signatures’ are on file for users “PINing” on behalf of others in their office. – (See TEAM User Access Forms and Instructions Appendix1)


Good Practices I• Add notes to the user record to note user record

activities, password resets, access changes, etc.

• Use TEAM to notify user of username and password

• Username and password are in the same email

• DO NOT email a PIN, send it via US Post Office mail address on file, or leave it in a voice mail box with a matching name for the user account


Good Practices II• DO NOT change email address without verifying user identity

• Attach scanned user access forms to the user record, if possible

• Do NOT add/modify users without proper documentation

• Do not reset email addresses or passwords without verifying user information

• If you are not sure about a user ask questions to verify information

• Verify that recertification is not necessary before attempting to reset password


Example: Password Reset• If a user calls and asks to reset their password:

– Retrieve their user file

– Ask them for the last 4 digits of their SSN (or other designated number as recorded on their User form)

– Verify their office phone and address

– Verify email address

– Send new password to the email address on file in the TEAM record

• Ensure the person who is calling is the person who should be using the account

• Ensure that the information remains accurate in TEAM


Staff/Contractor/Auditor FormStaff/Contractor/Auditor Form

•Collect the formCollect the form

•Verify the information & Verify the information & Authorizations Authorizations

Multiple Authorizations may Multiple Authorizations may be required for special be required for special access!access!

•LSM signs as FTA Operational LSM signs as FTA Operational ApprovalApproval

•Process the form in TEAM (Verify Process the form in TEAM (Verify & Certify!)& Certify!)

•File the form (attach in TEAM, File the form (attach in TEAM, keep on ‘paper’ file until user keep on ‘paper’ file until user account is terminated)account is terminated)

•Local Security Managers must Local Security Managers must notify your office Administrative notify your office Administrative Officer to add new users to OASIS Officer to add new users to OASIS TEAM User Group (Staff only)TEAM User Group (Staff only)


FTA Authorizations• Identifies the appropriate individuals that must provide

signature to authorize access to special functions

• One or more FTA authorizations may be required – Attach file with additional authorizing documents as necessary


Supervisor Authorization• A Supervisor MUST sign to authorize staff access

• Administrative Officers MUST be notified to add new staff users to the OASIS TEAM User Group

This ensures that the Office maintains awareness of system access!


Authorization for Special Functions

Regular Access - Employee's Supervisor or COTRSpecial Access• Help Desk Functions/Local Security Manager Functions

– TEAM Project Manager or Director of Information Technology (TAD)• Budget Functions

– Director of Financial Systems or Director of Budget (TBP)• Earmark Administration Functions

– Director of Transit Programs (TPM)• Civil Rights Functions

– Civil Rights Officer, HQ (TCR)• Legal Signoff

– Chief Counsel or Deputy Chief Counsel (TCC)• FTA Obligation Authority (Award Access and PIN, also listed on pick list for 'Paper' Grants)

– Only as indicated in the Federal Transit Administration Delegations of Authority• Auditor Access

– FTA Audit Liaison (TBP)


Grantee FormGrantee Form

•Collect the formCollect the form

•Verify the information & Verify the information & AuthorizationsAuthorizations

Additional documents may Additional documents may be required for special be required for special access!access!

•LSM signs as FTA LSM signs as FTA Operational ApprovalOperational Approval

•Process the form in TEAM Process the form in TEAM (Verify & Certify!)(Verify & Certify!)

•File the form (attach in TEAM, File the form (attach in TEAM, keep on ‘paper’ file until user keep on ‘paper’ file until user account is terminated)account is terminated)


Designation of Signature Authority• Template available in User Form Instructions (TEAM

User Access Forms and Instructions Appendix1)

• Used to delegate signature or “PIN” authority to someone other than the Official Named on the Resolution Authority


Designation of Signature Authority

FTA need not obtain a separate legal opinion for authority of the Applicant's CEO to enter his or her on behalf of the Applicant, PROVIDED THAT:

1. The individual seeking TEAM access is the Applicant's CEO, and

2. IF:A. The Applicant's CEO has selected certs and assurances on

behalf of the Applicant for the current fiscal year,B. The Applicant's CEO has entered his or her PIN in the TEAM

Affirmation of the Applicant, and C. Either:

a) The Applicant's attorney has entered his or her PIN in the TEAM Attorney's Affirmation signifying that the Applicant's actions are authorized by law, or

b) The Applicant has on file an Affirmation of the Attorney dated during the current fiscal year, and the CEO has entered his or her PIN in the place for the Applicant's Attorney's PIN.


Notification of Attorney's Affirmation

1. FTA prefers that the Applicant's Attorney enter his or her own PIN in the Affirmation of Attorney.

2. On the other hand, FTA permits the individual authorized to act on behalf of the Applicant to enter his or her PIN on behalf of the Applicant's Attorney, provided the Applicant has on file a current Affirmation of Attorney pertaining to the Applicant's authority to enter into agreements with FTA, comply with Federal requirements, and acknowledging that statements made by person signing the certs and assurances on behalf of the applicant are correct.

(Among other things, this statement implies that only the proper individuals have been authorized to commit an Applicant to comply with FTA’s terms and conditions for assistance.)


Authorizing Resolution

• In general, a public body must have an authorizing resolution from its board of directors or be otherwise properly authorized under state and local law before it can take any action.

• Consequently, FTA expects the Applicant/Recipient to retain that resolution in its files, but it is desirable for the Applicant/Recipient to scan it and attach it in TEAM.


TEAM User Security ScreensSee the TEAM User Guide located at http://ftateamweb.fta.dot.gov/static/userguide.html

chapter 10. for detailed walkthroughs of the screens

Click “Certify User” to record that an Authorized User Access form is on fileClick “Certify User” to record that an Authorized User Access form is on file


User Screens, continued

Office or cost Office or cost centers the user centers the user

has access to has access to view and/or edit. view and/or edit.

This cost center is This cost center is usually usually

associated with associated with the users office. the users office.

Multiple cost Multiple cost centers can be centers can be

used if necessary. used if necessary.

(depending on (depending on Roles/Privileges)Roles/Privileges)

Recipient IDs the Recipient IDs the user has access to user has access to

view and/or editview and/or edit

(depending on (depending on Roles/Privileges)Roles/Privileges)


Security Roles / Privileges

• It is important that you understand these boxes and how to accurately reflect the user’s job function in both the form and the TEAM user account.

• Security Roles Reference Document located at : http://ftateamweb.fta.dot.gov /static/Guidance-HQ/

• Contact the User, the FTA Authorizer, or the TEAM help desk if you are still uncertain of the type of access they need, or how to assign it in TEAM!


Security Roles / Privileges

Role / Function Recipient FTA (Staff)

Other (Contractor)

Description

Recipient FunctionsSubmit X X X Right to submit an Applications Execute X X X Award agreements can be executedCertify as Lawyer X X Certification right as a lawyerCertify as Officer X X Certification rights as an officerCertify as Both X X Certification rights as both a lawyer and officerSupplemental Agreement X X Rights to create a supplemental agreement

FTA FunctionsAward X X Right to award funding Deobligate X X Right to deobligate fundingApprove budget revision X X Right to approve budget revisionMaintain All Projects X X Right to all project management toolsFPC Transfer X X Financial purpose code transferLegal Concurrence X X Right to concur as legal representation

Help DeskLocal Security Manager X Right to modify user accounts and privilegesCivil Rights X Right to approve civil rights documentationDepartment of Labor X Right to approve DOL documentation

AccountingMaintain Funds Control X Right to maintain project fundingApprove Advice X Rite to approve adviceApprove operating Budget X Rite to approve operating budget

Earmark AdministrationEarmark HQ Mgr X Rites to manage earmark moduleEarmark Financial Mgr X Rite to manage earmark funding


Good Practices• If Supplemental Agreement is selected, make sure that the

Designated Recipient in the recipient profile is correct (e.g. Recipient who created the profile is 1599 designated recipient cannot be 1599 it must be another recipient ID and make sure the radio button for designated recipient is marked yes.)

• Make sure the designated recipient id is in the primary Recipients Id and the project recipient is in the Auxiliary ID.


Monitoring Users

• Within 2 weeks after the end of every quarter, TPM (headquarters) will send via email an excel file of FTA staff and contractors who use TEAM and the roles they have in TEAM to the Local Security Managers (LSMs). Each LSM will only receive the list of users set up under their cost centers

• The LSMs will review the files and verify the following:– All users have on file an approved (signed by a supervisor) user access

form – The roles approved for the users on the access forms are the same as

the roles they currently have in TEAM (as indicated in the excel file)• LSMs should suspend TEAM users whose access forms are not on file• LSMs should revoke TEAM users who have roles that were not approved on

the access forms• Each LSM should report their findings back to TPM via email within two

weeks of getting the excel file of TEAM users. The findings should include the following:

– The number of TEAM users suspended for not having TEAM user access forms on file

– The number of TEAM users with roles revoked because the roles were not approved on the access forms


SUSPENSION OF TEAM USERS

• If a TEAM user is suspended because of multiple erroneous login attempts, he/she can be reactivated any time without having to go through the approval process again

• If a TEAM user gets suspended because he/she does not have an approval form on file, then he/she has to fill out the user access form and go through the approval process

– Make a comment in the note section of the user’s profile stating why the user has been suspended so that the helpdesk does not un suspend the account in error.

• All TEAM users who have not accessed TEAM within a year will have their accounts suspended and they will have to go through the approval process again before their accounts can be reactivated. However, users will be notified a month in advance before the suspension of their accounts, so as to give them the opportunity to log into TEAM to avoid being suspended.


Questions?

Contact the TEAM Help Desk for assistance!

Hours of Operation M-F 8:00a.m. to 5:00p.m. (EST) Telephone Number 888 - 443 - 5305

Email Address [email protected]


Clarifications1. Local Security Managers will generally process the forms in TEAM for the

people that work out of their locality. A local Security Manager has authority to add/modify staff users from authorized forms for other offices to TEAM. In any case, be sure to note where the access forms & supporting documentation is filed if it is not attached to the user record in TEAM.

2. "Grantee User Supervisor" or "FTA Point of Contact" on the User Form

From Linda Sorkin: Please have the CEO, board chair or other delegated authority send us a delegation of signature with an org chart stating that any one who is the supervisor for a TEAM user can sign for that person.

3. Access to these TEAM Financial Functions now require Accounting/Budget

Signoff – Obligation – Deobligation – FPC Transfer – Accounting Functions – Maintain Funds Control – Approve Advice – Approve Operating Budget


Clarifications 4. The Local Security Manager has the authority to “Certify” that an authorized

access form or accompanying documentation is on file. In cases where the form and/or accompanying documentation is expected on or about a certain date, and interruption in TEAM access would cause delays in grant processing, it is at the discretion of the Local Security Manager to “certify” users. In any case, be sure to add notes to the User’s record indicating the expected dates of the documentation.

5. For recertification of existing grantee users, the FTA regional knowledge of

grantee’s organization may be sufficient basis for accepting the supervisor’s signature. For audit purposes, it would be good to attach a copy of the grantee’s org chart and/or supervisory chain of command to the recipient profile information. That could be done as a matter of routine business after the certification. Of course, if there is any question about the signature authority, the security manager should request the documentation suggested in the guidance provided following the TPM biweekly conference call and now incorporated in the grantee instructions.

6.For certification of new grantee users, the org chart and other evidence of the

signature authority should be requested at the time of the initial certification.

7. Pins' should NOT be emailed. A paper copy can be mailed to the address on the User Account, or a Voice Mail left to an inbox with a matching first and/or last name.

Documents

Training for TEAM Local Security Managers