Generic Accounts Policy

Version 1.0.2

Purpose

This policy establishes the unacceptable use of generic accounts.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Generic account use is prohibited.
  • Generic account requests may be granted based on justification and appropriate need. The University Information Security Office (UISO) must approve exceptions to this policy in advance through the IT Customer Care ticketing system.
  • Generic accounts need to comply with University policies (i.e., auditing of rights/permissions to appropriate users).
  • The UISO will audit the usage of generic accounts on an annual basis and will work with the owners of found generic accounts to limit their use with minimal impact on the business of that department.

Definitions

A generic account is considered an account that is not derived using the faculty, staff, or student naming convention. There is no corresponding ID associated with a generic account. These are accounts that fail to identify the person or entity using the account. Generic accounts pose risks and added security concerns on University networks.

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Related Policies and Procedures

Implementation Information

Review Frequency: Annual
Responsible Person: Director, IT Risk and Data Integrity
Approved By: CISO
Approval Date: March 6, 2017

Revision History

Version   Date         Description
1.0       07/28/2016   Initial document
1.0.1     03/06/2017   Definitions edit; no change to policy.
1.0.2     05/23/2018   Updated disclaimer, scope, and definitions

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.