When it comes to the security of your Arizona State Retirement System (ASRS) Employer Secure Account, one of the most important guidelines to follow is to never allow the sharing of login credentials. Sharing account access can lead to numerous unwanted security breaches from someone gaining access to information they should not see to one user making changes that are recorded under another user’s name. If ASRS identifies shared credentials, we will deactivate employer account access and require new user accounts to be created. Each user must have their own unique login ID and password to ensure accountability and security.
While everyone with access to an Employer Secure Account plays a critical role in ensuring sensitive information is properly safeguarded, the Employer Administrators bear the greatest responsibility. This collective responsibility helps protect both your organization's data and the privacy of ASRS members, your employees. If you are the designated Employer Administrator for your organization, there are several key responsibilities you need to keep in mind in order to maintain account security and efficiency for all users.
As Employer Administrator, keeping contact and demographic information up to date is essential to avoid unnecessary delays and ensure users can access their accounts without issue. Outdated phone numbers or email addresses can make it difficult to reach employer partners in a timely manner, especially if they need assistance resetting their passwords.
Another critical Employer Administrator responsibility is deactivating Employer Secure Accounts when employees leave the organization or move to a role where access to the ASRS employer secure account is no longer required. Keeping inactive accounts open poses a significant security risk. Promptly deactivating these accounts minimizes the potential for unauthorized access to sensitive information.
Regularly reviewing user activity is also vitally important. This allows you to track actions taken by your registered users and other administrators, which can help maintain accountability and highlight any unusual or unauthorized behavior. To view user activity, click on the “Employer Users Activity Report” link available from within your employer secure account. This report shows the past 60 days of employer user activity.
ASRS recommends having at least two Employer Administrators registered at any given time. This provides backup if the primary Employer Administrator is unavailable, and allows the secondary Employer Administrator to assist with account management.
Finally, it is strongly recommended that existing administrators create a new Employer Administrator account for their replacement if they plan to leave the organization or retire. This ensures a smooth transition and avoids delays in account access, as it is simpler and more efficient to set up a new Employer Administrator account while the current one is still active.
Remember, the security of your organization’s ASRS Employer Secure Account is only as strong as the people who manage it. When you share login credentials, you are not only risking unauthorized access to sensitive information, but also putting yourself at risk of being held accountable for someone else’s actions.
By staying vigilant about these responsibilities, you help ensure that your organization’s ASRS-related information remains secure and compliant. This protects ASRS members and your organization alike.
By Nichole Fuller, Employer Relations
Published 11/26/2024
