IT Services Standard Faculty Service Access

Transcription

1 IT Services Revision History IT Services Standard Faculty Service Access Revision and Review Version Version Date Status Summary of Changes Author 0.1 Oct 8, 2013 Draft Initial Draft Kevin Vadnais 0.2 Nov 7, 2013 Draft Modifications as suggested by ITS leaders, as well as changes to include the retention of academic staff data until a more formal project can decide on permanent action. 1.0 Nov 18, 2103 Final Added Appendix A and made final formatting changes 1.1 Nov 29, 2013 Update Changed some aspects of the Library Services Kevin Vadnais, Project Team, ITS Leaders Kevin Vadnais Leona Jacobs Document Reviews Reviewer Name and Title Date Darren Schell, Manager, Transformation Solutions Nov 7, 2013 IT Services Standard Page 1 of 4

2 Authority & Alignment Authority UNIVERSITY OF LETHBRIDGE INFORMATION AND TECHNOLOGY MANAGEMENT POLICY Subsection 4 Privacy, Information Security, and Identity Management Subsection 5 Information Management Alignment Provincial Post-Secondary System ITM Strategic Direction Priority High Quality Teaching and Learning Environment Overview This standard specifies the terms and conditions of granting and revoking access to University Services for faculty members. Scope This Standard applies to all accounts held by academic staff defined as individuals appointed as academic staff by the University of Lethbridge Board of Governors. This includes both full time and part time positions as well as sessional instructors. This document applies only to the process of granting and revoking access to and data services, and does not cover any aspect of or data storage/retention. Compliance & Exceptions Exceptions to this standard must follow the exception process defined below. Failure to comply with this standard may result in disciplinary action. Disciplinary actions shall follow established University policies and procedures and shall be in accordance with the applicable Faculty Handbook, Sessional Lecturers Handbook, collective agreement and employee manuals. Standard Requirements Access to University services for academic staff members happens automatically upon the successfully processing of a Payroll Authorization Form (PAF) in the Banner ERP system. These services include the following: 1. a business account 2. Wireless Access to the UofL wireless network on campus IT Services Standard Page 2 of 4

3 3. VPN Access to the Virtual Private Network software for connecting to campus network resources from off-campus. 4. A backed up storage space for working files. This storage space is backed up and accessible from any computer logged into on campus. 5. Library services 6. Other various security groups as required for administrative purposes and access to network shared storage spaces. Some services not specified by this standard may require additional forms to be filled out, but these requests will be dealt with on a case-by-case basis. These services will remain in place throughout the academic staff member s career at the University. When the academic staff member terminates employment with the University, actions are taken to remove access to these services. The revocation of each service is as follows: 1. VPN, Security Groups and Wireless Access to these services is removed on the effective date of termination. 2. Access to their business will be removed immediately after the effective date of termination passes. If business needs require it, services can be accessed again through the exception process outlined below. For a short amount of time, an automated message will be created to inform senders that the account is no longer active and they should direct their correspondence to a different source. a. For those Academic staff who are retiring from the University in good standing, provisions will be made to retain their services as recognition of service. b. The contents of an Academic staff member s will not be deleted after termination of employment with the University. His/her mailbox will be archived and stored for data retention purposes 3. File Services Access to the content on the file storage space will be removed immediately after the effective date of termination passes and can be granted back using the exception process outlined below. a. Academic staff member file and web content located on University storage will not be deleted after termination of employment with the University. 4. Library Services continued access to library services will be determined by the Library s Access Policy (to information resources and as approved by the University s General Faculties Council). 5. Section 2.b and 3.a will only be carried out until a project has been completed that addresses academic and research data retention issues. These sections are IT Services Standard Page 3 of 4

4 not intended to be a permanent operational activity and will be removed once the retention project has concluded. Exception Process Any exceptions to this policy must be approved in writing by the chair of the academic staff member s department, the Dean or Librarian of the respective Faculty/Department/School, and the Provost, subject to the Faculty Handbook and Sessional Lecturers Handbook. Each request will then be processed by the Information Security Office. The exception request form must include the following information: 1. The account holder information (name, username, contact method) 2. The details of the exception (what service is being altered, why the exception is required) 3. The dates for the duration of the exception (start date, end date) 4. Authorizing signature of the Chair, Dean, and Provost. Related Content Type Policy Title Information and Technology Management Policy Data Classification The information in this document is classified as: Public. Measurement Active access for academic staff members should not be discovered during annual audits after their terminations have been processed, with the exception of retiree s services. 100% of all exceptions will have associated forms available for auditing purposes upon request Contact Kevin Vadnais Manager, Information Security Office IT Services Standard Page 4 of 4

5 Authorization & Signature Mark Humphries, CIO Date IT Services Standard Page 5 of 4

6 Appendix A Exception Guidelines There are some circumstances where individuals may be members of multiple user groups. This may lead to confusion about which set of standards should apply in a given situation. This appendix is meant to offer some suggestions where a clear exception case is not evident. As new situations arise that require clarity, this section will be updated appropriately. 1. A continuing employee or academic staff member who is also registered as a student is terminated. In this situation, it would be advisable to do the following: a. Treat the termination as an employee/academic staff termination and remove access to the address and staff file services immediately. b. Rename the account to a new address for the individual and modify affected class/student mailing lists to ensure continued receipt of student related materials. This prevents future business correspondence from arriving in the students account. 2. A continuing employee or academic staff member who also has alumni status is terminated. In this situation, it would be advisable to do the following: a. Treat the termination as an employee/academic staff termination and remove access to and staff file services immediately. b. If not previously done, create a new alumni address for the individual (@alumni.uleth.ca). This prevents future business correspondence from arriving in the individual s account. A message indicating the new alumni status and address may be added to the terminated employee account to help redirect personal communications. IT Services Standard Page 6 of 4