Provisioning and Deprovisioning Policy
The purpose of this policy is to define the University’s IT Resources account access issuance (provisioning) and disallowance (deprovisioning) for entities affiliated with the University.
This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
- With appropriate authorization, access to University IT Resources is granted to entities (person or non-person) with a demonstrable need for account access.
- When an entity (person or non-person) is no longer affiliated with the University and no longer requires access to the University's IT Resources, it is the responsibility of the managing supervisor (or higher) to notify Human Resources and IT Customer Care to cancel account access to pertinent systems.
- Systems that do not use Fordham IT’s Central Authentication Service (CAS) and automatic provisioning/deprovisioning processes must be manually provisioned/deprovisioned by system owners.
- Corporate and generic accounts follow the terms of this policy.
Corporate accounts are departmental or group email accounts.
Deprovisioning is the term used when account access is suspended or disabled from use.
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Provisioning is the term used for creating or providing specific account access.
Related Policies and Procedures
|Responsible Person||Director, Information Security|
|Approval Date||March 1, 2017|
|1.0.1||03/07/2018||Grammatical changes only. No adjustments to policy.|
|1.0.2||06/25/2018||Updated disclaimers, scope, and definitions|
|1.0.4||11/11/2019||Updated policy statement|
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.