Emergency Access via Privileged Access Management Policy

Version 1.0

For Students, Faculty, Staff, Guests, Alumni


The purpose of this policy is to establish a controlled process for gaining Emergency Access to critical systems and applications in situations where standard authentication methods are not possible or practical.


This IT policy, and all policies referenced herein, shall apply to members of the University community, including administrators, staff, authorized guests, delegates, and independent contractors (the "User(s)" or "you") who use, access, or otherwise employ the privileged access security solution referenced.

Policy Statement

  • Emergency access via the University’s privileged access management solution (i.e., CyberArk Vault) must only be used when standard access methods have failed and immediate action is required.
  • Information Security and Assurance is responsible for granting and monitoring emergency access.
  • Information Security and Assurance must validate the emergency situation before granting access.
  • All emergency access activities must be fully logged and monitored.
  • All actions taken during the Emergency Access must be audited and reviewed by Information Security and Assurance and DevOps within 24 hours of the event.
  • Emergency Access credentials must be rotated immediately after use.


CyberArk is a privileged access security solution the University uses to manage and secure credentials.

Emergency Access is extraordinary administrative permission granted for a limited time to resolve an immediate issue.

IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.

Related Policies and Procedures

Non-Persistent Administrative Access Guidelines

Implementation Information

Review Frequency: Annual
Responsible Person: Senior Director of IT Security and Assurance
Approved By: CISO
Approval Date: October 30, 2023

Revision History



1.0 10/30/2023 Initial document

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.

 Need Help?

Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours