OATS User Accounts: Proper Maintenance to Avoid Security Risks

August 22, 2003

 

All firms that report data to OATS directly or via a third party and all third parties that report data to OATS on behalf of a member firm must register with OATS and obtain an Administrator User ID and password. Once this initial Administrator User ID and password is established, the reporting party may then request additional user accounts with which to submit data and/or view data submissions. Because these user accounts serve as the primary security measure for a reporting party against unauthorized data submissions, it is in the best interest of each reporting party to ensure that user accounts are properly maintained and controlled.

 

NASD has found numerous User IDs and passwords that are expired, disabled or dormant and yet remain on the system. Some users also appear to have multiple, identical User IDs and passwords. Reporting parties are advised to adopt supervisory procedures providing for the periodic review of all user accounts to ensure they are still valid and passwords are current. Reporting parties should also adopt supervisory procedures to delete any unnecessary User IDs and passwords immediately after determining that they are no longer necessary, as they could be unnecessary security risks to your firm. Finally, reporting parties should ensure that the contact person(s) identified in the system is current and should take steps to delete outdated contacts so that your firm is ensured of receiving OATS announcements and feedback in a timely manner.

 

If you have any questions or concerns on how to update or delete your user accounts, please contact the OATS Helpdesk at (800) 321-NASD.

Last Updated: 8/22/2003