Authorized Access to Electronic Information Procedure
Version 4.0
For Students, Faculty, Staff, Guests, Alumni
Purpose
The purpose of this procedure is to instruct an individual or proxy how to temporarily gain access to another user’s Electronic Information stored on University IT Resources, which they may not be authorized to access in their standard business operations.
Scope
This IT document and all policies referenced herein shall apply to all members of the University community, including faculty, students, administrators, staff, alumni, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.
Procedure Statement
- Users requesting or accessing the Electronic Information of another individual must follow the requirements of the Authorized Access of Electronic Information Policy.
- Access request authorizations should be provided and documented in ServiceNow.
- Requests and subsequent approval must be submitted to the Chief Information Security Officer (CISO), Chief Information Officer (CIO), or the President; see the Authorized Access of Electronic Information Policy for details.
- The appropriate technical administrator exports or provides access to the requested Electronic Information.
- The appropriate technical administrator records their activities and closes the ticket on ServiceNow.
NB: No Fordham Sensitive or Fordham Protected Data should be stored in ServiceNow. Requests must be modified to ensure confidentiality.
Definitions
Electronic Information refers to documents and communications, including email, voice mail, and text messages, and their associated metadata, located in files and accounts related to a particular user.
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Related Policies and Procedures
- Acceptable Use of IT Infrastructure and Resources Policy
- Authorized Access to Electronic Information Policy
- Provisioning and Deprovisioning Policy
Implementation Information
Review Frequency: | Annual |
---|---|
Responsible Person: | Senior Director of IT Security Operations and Assurance |
Approved By: | CISO |
Approval Date: | March 25, 2019 |
Revision
Version | Date | Description |
---|---|---|
1.0 | 03/25/2019 | Initial document |
2.0 | 08/19/2020 | Updated procedure statement |
2.1 | 08/31/2021 | Updated EasyVista instructions |
2.2 | 10/26/2022 | Updated Links and Sr Director’s title |
3.0 | 02/09/2023 | Replaced EasyVista with ServiceNow |
4.0 | 03/04/2024 | Updated purpose, scope, and statement |