My Oracle Support Banner

HCM TAM: How Are PeopleSoft Recruiting Solutions Applicant Data Protected? (Doc ID 2490517.1)

Last updated on SEPTEMBER 24, 2023

Applies to:

PeopleSoft Enterprise HCM Talent Acquisition Manager - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.

Goal

HCM contains protected data, in this case HIPAA data from benefit participants. Data protection, system authentication requirements, and so forth for HIPAA security levels is set by NIST guidelines.

HCM utilizes PeopleTools authentication and authorization (once configured), which meets the requirements set forth by NIST: password controls, authentication, authorization, data level protection, and so forth. We know NIST does not certify, but there are assessments (ours is annual and required by state policy) that ensure a system and how it is configured meet regulatory requirements.
Our questions stem from how the system will be setup architecturally and internal security configuration including access levels and data level security and general processes.

If we follow one of the setup options for PeopleSoft Recruitment and Talent Acquisition will be on the same data base as our standard HCM install. The only PeopleTools authentication level we can find mentioned is the new Guest account for recruitment. It authenticates to the EMPLOYEE registry structure unlike the eSupplier Portal and associated Portal Registry Structure in FSCM. Beyond the Guest account auto-login and authentication, PS Recruitment does not, at least per the docs and what we’ve seen via trace, utilize PS authentication and authorization.

Specific questions:

1) How are access levels for applicants, once registered and authenticated, controlled?

2) How is data level security enforced for an applicant?

3) How is data level security enforced for an employee that is also applying via the Recruitment login?

4) How is data level security enforced for a hiring manager (example: Applicant applied for job at agency A, Agency B-Z hiring managers should not see Agency A’s applicant, the exception being our overall HR group).
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.