As part of Quest Experience Week—PeopleSoft Day, Kim O’Connor, the Senior IT Manager at Tower International, gave a presentation about the company’s process of implementing self-service. The presentation covered the phases of implementation, considerations to keep in mind, and how they handled support and testing.
Tower International began the technical modeling, application configuration and researching of Two Factor Authentication (2FA) solutions in August 2017. Some of the reasons that Tower International began considering this implementation were cost savings, process improvements, and employee engagement. They upgraded to PeopleTools 8.56 in December 2017 and their 2FA solution was completed by February 2018. The first hourly location that went live with Paycheck View was in March 2018. All of the remaining locations went live with Paycheck View in August 2018, and Open Enrollment for all salary and hourly employees was completed by November 2018.
The 6 Phases of Implementation
The implementation took place at kiosks, which required employees to use VPN connections to connect with the Internet. This allowed employees to use their own personal devices throughout the process. This implementation was completed in six phases.
- Phase 1: View-only access to paychecks, W-2s, bank information, W-4 elections, benefit elections, dependent information and personal data.
- Phase 2: Annual Open Enrollment for all employees.
- Phase 3: Benefit enrollments for new employees and Life Events.
- Phase 4: View of Vacation/PTO accrual balances in KRONOS.
- Phase 5: Submitting Payroll documents as on-going maintenance and onboarding documents.
- Phase 6: Custom modules.
Considerations During Implementation
There were several considerations to keep in mind during Tower International’s implementation process. One consideration was whether to use Classic or Fluid. Since Fluid wasn’t available at the beginning of the implementation and Tower International only has a two-person development team, they didn’t have time to learn Fluid. This meant that they chose to manage the application with a combination of Fluid and Classic. Fluid was used where it was delivered and Classic when they needed to develop. Tower International plans to circle back and “fluidize” the development at a later time.
Tower International also wanted to control the areas the user could access in an effort to minimize how lost they could get. They accomplished this by doing three things:
- Created their own Navigation collections, Tiles, and Roles for the self-service application.
- Used portal settings under Structure and Content and set the tiles they wanted the users to have on the home page based on a specific role.
- Removed access to the Navigator menu.
In addition, Tower International decided to utilize Two Factor Authentication (2FA). It had to be simple, secure, and affordable. This led Tower International to create their own customized 2FA. The first page in the 2FA is used to verify that the user ID is valid, the account is active, and that the user has a particular role. If all criteria are met, the user is redirected to the second page. Here, depending on the status of the employee’s profile, they will either be presented with the page to enter their self-service verification PIN or they will be directed to a page where they can select the delivery method for their verification code.
Support and Testing
The local Human Resources staff at each plant is the tier one support. The staff is prepared to assist employees by supplying them their user ID, looking up their security verification PIN, helping them complete their profile, assisting them as they walk through the connection process on their device, and resetting passwords.
For vulnerability testing, Tower International hired an outside firm that worked for three weeks on testing both externally and internally to find data leaks and penetration points. They resolved the identified risks within a few days of the reported findings, but ongoing testing will be randomly conducted each month because closing down vulnerable areas is a must.
Tower International also had to address the potential use of SQL Injection because every field that allows data entry and is used as a variable in the process to access data must be sanitized.