Obtaining a User Account

To gain access to IPS, a request form must be filled out and approved by employee manager, or local HR Manager and/or Director. The request form can be found at the following locations:

At SharePoint. The request form is located under Documents, GDS, GDS General Information, Forms, "IPS Request Form".
At IPS. From the upper menu bar, select System, then System Documents. Scroll down the page and locate the 'Click Here' link for the IPS Security Request Form.
Contact the Global Delivery Services HRIS Team. Send an email to HRIS@xerox.com.

Completing the IPS Security Request Form

User may place mouse pointer over the question marks next to each field to see an explanation on how to enter the correct data.

According to company policies, users from Operations, such as managers, supervisors or team leaders, can only access employee basic information (Name, SBU, Location, Team, etc.)

Access to employee personal information is restricted to only users from the Human Resources department.

Also, in sites where IPS is used to run the payroll process, the access to all payroll tools is restricted to those users from the Payroll / Finance department.

Security Requests forms must be printed, signed, authorized, scanned and sent to ips.support@xerox.com. Forms may also be sent via FAX to 52 + (662) 260-9089, ext. 201.
In addition, all IPS Access requests must be reviewed and authorized by the International HR VP.

If, for any reason, having the form signed by the user supervisor is not possible, the IPS team requires at least an email message where the supervisor expresses his consent.

It is also worth noticing that the IPS access is granted and filtered based on the same FEPS Operations structure:

Company Code
Division
SBUID
Location
Team

This means that the access privileges of a manager from a particular SBU, say MetLife (ML), can be restricted to only the group of employees under SBUID ML and nothing more. Therefore, there is no way this particular individual gains access to employee data from another division, SBU, location or team.

However, there could be division managers or leaders who direct operations for more than one SBU that may need access to several departments (either Divisions or SBUs). In those cases, the HR local representative must note the specific access settings in the access request form, so the system administrators can setup the user account accordingly.

For all those users in countries where the FEPS operations structure may be unknown, it is important to note that this is an operational structure intended to filter any particular user access settings keeping data confidentiality intact among the different company business units.

For example, there is a country X, with offices running operations in two different cities: A and B.

In city A there are employees from Transportation Group and Buckconsultants, and each group of employees is managed by its own Human Resources office.
In city B there are employees from ITO, CSG and CORP, and all employee data is managed by another different HR office.
The access settings of the IPS users from each HR office must allow them to view / edit the employees in their own group only. This means no HR representative from one group should access employee data from another group, even when they are all in the same country.

Normally, each country where an office exists is represented by one company code. However, the confidentiality of the employee data is ensured by the operative structure settings, where employees are grouped under a certain Division / SBUID / Location / Team, in order to mantain the user access restrictions according the needs of each site and its users.

IPS policy on disabling user accounts
IPS user accounts might be deleted, or blocked under certain circumstances:

User is terminated.
- Automatic Deletion - Given that IPS keeps two separate System Access tables (one for IPS employees and other for IPS users), and the system uses the same primary key in both tables (WIN=World Identification Number), when an employee/user is terminated in the system, the corresponding user account is automatically deleted at the same time the termination process is completed.
- Daily Job - Considering that IPS data records include non-U.S. employees only, and that some IPS users do not exist as IPS employees (domestic users), IPS is fed with a GDM termination file on a daily basis. This file contains all employee terminations which were processed in every company system.
  The system will check file for terminated IPS users who do not exist in system employee database, and will delete all user accounts which belong to GDM terminated employees. This process takes place every 24 hours.
Direct request.
- IPS administrators will delete user accounts upon request from the local site HR or Finance department. This kind of requests are often related to a user/employee move to a new position where IPS access is no longer necessary.
- User accounts may also be deleted in attention to requests made by 'Super Users' from the HR Corporate office in Dallas, TX.
  Super Users have access to a User Matrix query, which has been designed to check for specific users access privileges; The query name is "Users".
  Super Users will usually run this query on a quarterly basis. However, query may also be accessed as often as desired.
Manual deletion by IPS Admin Team.
- IPS Admin Team will periodically review the system access database in order to clean up the users table. The following user accounts will be deleted:
  1. Terminated employees.
  2. Expired accounts (user could still retrieve password using unlock key, but account has remained inactive for more than 90 days).
  3. Blocked accounts (user did not logon in more than 120 days).
  4. In addition, every 90 days the IPS administrators perform a review of all user accounts where User Id does not match employee WIN, and will delete all user accounts that belong to terminated employees.