Account Access Change Control Policy
For Students, Faculty, Staff, Guests, Alumni
The purpose of this policy is to define IT Resources account access modifications for entities affiliated with the University.
This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrative officials, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
- Authorized parties may deem it necessary to modify an individual’s account access due to a qualifying event. Qualifying events include, but are not limited to:
- Change in role/position within the University department
- Transfer to another University department
- Non-working Leave of Absence (LOA)
- Employee’s job duties no longer require access to certain services or environments.
- Suppose an entity’s status requires a change in account access. In that case, it is the responsibility of the managing supervisor (or higher) to notify Human Resources and IT Service Desk Level 1 to alter account access to pertinent systems.
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.
Related Policies and Procedures
- Authorized Access to Electronic Information Policy
- Authorized Access to Electronic Information Procedure
- Change Control Policy
- Provisioning and Deprovisioning Policy
|Responsible Person||Senior Director of IT Security and Assurance|
|Approval Date||March 1, 2017|
|1.0.1||03/01/2017||Grammatical changes only. No change to policy.|
|1.0.2||5/22/2018||Updated scope, disclaimer, definitions|
|1.0.3||05/22/2019||Updated related policies|
|1.0.4||03/12/2020||Updated related policies and changed the name of the policy for clarity|
Policy Disclaimer Statement
Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) may only be done cooperatively between ISA and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to ISA written policies may be met with University sanctions.