Skip to main content

Account Access Change Control Policy

Version 1.0.3

Purpose

The purpose of this policy is to define IT Resources account access modifications for entities affiliated with the University.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • When authorized parties deem it necessary to modify an individual’s account access due to a qualifying event. Qualifying events include, but are not limited to:
    • Change in role/position within the University department
    • Transfer to another University department
    • Retirement
    • Non-working Leave of Absence (LOA)
    • Employee’s job duties no longer require access to certain services or environments
  • If an entity’s status requires a change in account access, it is the responsibility of the managing supervisor (or higher) to notify Human Resources and IT Customer Care to alter account access to pertinent systems.

Definitions

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Related Policies and Procedures

Implementation Information

Review Frequency Annual
Responsible Person Director, IT Risk and Data Integrity
Approved By CISO
Approval Date March 1, 2017

Revision History

Version Date Description
1.0 07/28/2016 Initial policy
1.0.1 03/01/2017 Grammatical changes only. No change to policy.
1.0.2 5/22/2018 Updated scope, disclaimer, definitions
1.0.3 05/22/2019 Updated related policies

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.