Tips for a Successful myVRS Navigator Security Review
To protect member privacy and security, it’s vital that anyone using myVRS Navigator have the proper level of access required to perform their job duties, and that outdated user contact information or access levels are corrected.
That’s the central point of the annual online security review, which kicks off in late May. By working as a team implementing role-based security, VRS and employers can make sure that myVRS Navigator users have the tools they need while members’ privacy is protected.
Security Administrators, who oversee and approve access to myVRS Navigator for their agencies, will receive a message from VRS outlining the procedures and timeline for conducting the annual security review. That opens a 30-calendar day window to complete the review, which is done online thanks to employers’ successful adoption of the new process VRS introduced last year.
The online security review is a once-a-year reminder to make sure that all those with access to myVRS Navigator have access only to the data fields required for their job duties. It’s also an annual reminder to verify all demographic information on system users, such as phone number, email address and job title, is current.
In brief, here’s what each Security Administrator or designee will do:
- Log on to myVRS Navigator and access “Employer Security Review Workflow” in the Work Pool panel.
- In the Contacts panel, inactivate any non-administrative contact who should no longer have access. Add end dates for their roles if applicable. Also, click the name of each non-administrative contact and verify or update demographic information.
- Review demographic and all active roles for administrative contacts. If only demographic changes are needed, the Primary Administrative Authority may document them on the organization’s letterhead and send it via email to employersupport@varetire.org. (Administrative contacts cannot be inactivated through the review process.)
After the security administrator completes those tasks, the Primary Administrative Authority should follow step 1 above and then certify and submit the security review.
Best Practices
- You will complete the review annually, but changes to roles or demographic fields should be made as soon as you become aware of them.
- At all times, eliminate any sharing of access credentials. Each contact must have individual access credentials.
- To inactivate, add or replace administrative contacts, the Primary Administrative Authority must submit a new Authorization of Administrative Contacts (VRS-67A).
For More Information
For a step-by-step outline of the Security Review, check out the Employer Security Review job aid (login required). If you do not have log-in credentials, email externalVLC@varetire.org to request registration.
Questions? Call the VRS Employer Support team at 888-827-3847 and select prompt 5, followed by prompt 1 for assistance with any step in the process.