IT09 - Identity Management Policy




Introduction

1 The University needs to manage identity accounts for all users of the University's electronic systems and ensure that users have an appropriate level of access to these systems at all times.

2 The purpose of this policy is to help ensure that identity management is undertaken in a manner that:
- Enables the integration of information about an individual held in different systems.
- Ensures users have access to their own personal data and to University systems required to undertake their studies, job or role at the University.
- Allows individuals to authenticate to a system or service using a username or other digital identifier and, where appropriate, authenticates them automatically using single-sign-on technology.
- Minimises the burden on identity account administrators and on the users themselves.
- Ensures compliance with the University's legal, commercial and ethical responsibilities.

Terminology

3 Within this policy:
- Identity is defined as a means of identifying an individual through electronic means, usually in the form of a username.
- Learner is defined as a person who is going to be, currently is or has been registered at the University as a learner.
- Member of staff is defined as a person who is employed and paid by the University.
- Affiliate is defined as a person who requires electronic access to University systems/services but who is not classified as a learner or member of staff.
- Source system is defined as the system that is recognised as the authoritative source for data about a particular user type, e.g. the Student Record System is the source system for all learners.
- Identity Management system is defined as the system that accepts data for learners, members of staff and affiliates from the appropriate source systems and, using predefined business rules, creates identity accounts and provisions those accounts to access a variety of University systems according to those business rules.

IT09 - Identity Management Policy 2.0 - Page 1 of 6

- Provisioning is defined as activating an identity to use a particular system or service.
- De-provisioning is defined as deactivating access from a system or service for an individual.
- Access rights are used to control who can do what in a given system or service. The who is specified in the form of a single identity or set of identities (a group) and the what is defined as a set of permissions, e.g. read-only, create, edit, delete. Access rights can be granted (added) or revoked (removed).
- Single sign-on is a technology used to allow a single authentication to permit access to multiple systems without the need to log in to each system individually, thus saving the user time.

Scope

4 The scope of this Identity Management policy includes the following processes:
- Creating a new identity
- Provisioning an identity to access University systems or services
- Granting access rights for an identity for a system or service
- Revoking access rights from an identity
- Removing an identity

5 Main University learning systems such as the Portal, VLE, Email, Library, Staff/Student network and wireless network will be provisioned automatically as part of the identity management process.

6 Some University systems will fall outside of the identity management and automatic provisioning process. These may include the Student Records System, Finance, HR/Payroll back-office applications, Accommodation, Timetabling and other business systems where user accounts are created and access rights assigned manually by the School/Service who manage that system. A request form may need to be completed and approved, followed by attendance of a training course, before access to that system can be granted.

7 Physical access to University buildings and rooms is outside the scope of this policy, but it is assumed that the Identity Management system may be used as a data source for an electronic access control system.

Principles

8 Wherever possible, an individual person will have a single identity for use across all of the University's systems and services.

9 Where an individual is accessing University systems in more than one capacity (e.g. they are a member of staff and a student), in addition to their primary identity, it may be necessary to create a secondary identity for that individual, as the data comes from different source systems and there is no practical way of reconciling the two source identities as one.

10 An identity must be unique and not be used by more than one individual.

11 Before being assigned any identity with access rights to use University systems, all individuals must agree to the University's Acceptable Use Policy. This will be part of the registration or employment contract acceptance process.

12 The following will have identities with access to University systems:
- University students who are pre-enrolled, fully enrolled, eligible for re-enrolment or Alumni.
- Members of staff with a contract of employment with the University.
- Staff on temporary contracts or appointments approved by the HR Service.
- A recognised affiliate of the University.
- Other individuals at the discretion of the University.

13 Users' identities can be classified into three main types:
- Learner. Typically a student, who will have a status to indicate their current relationship with the University, i.e. prospective student, applicant, pre-enrolled, active, graduate or Alumni.
- Member of staff. Someone who is employed and paid by the University.
- Affiliate. All other user types, examples of which are governors, mentors, practice assessors, conference delegates, visiting lecturers etc.

14 The University has to balance user access requirements with the constraints within which it must operate, such as software or database licence terms, external guidelines and internal policies and procedures.

15 For convenience, single sign-on technology can be used to allow a single authentication to give access to multiple systems, e.g. a login to the Portal will allow automatic access to the VLE without the need to log in again. For University business systems where sensitive data is held, it would not be appropriate to use single sign-on.

16 A learner type will have a status that dictates the systems or services they will have access to and the type of access for a particular system. As learners move from one status to another, their access rights may vary.

17 Access rights can be expressed as the ability to log in to a system or use a service (e.g. the wireless network), a privilege level within a system (e.g. read or read/write) or as access to particular elements of the system (e.g. certain unit pages of the VLE or certain areas of the Portal).

18 Access rights will also be governed by what type of course(s) a learner is actively studying on. Where a particular learner is studying on more than one course at the same time, the access rights applicable to all courses will be given. Courses being taught off-campus will also change the access rights so that learners on those courses are not provisioned for services that they will never use. For instance, if a course is being run at an employer location, it would not be appropriate to provision access to the University wireless network.

19 Each combination of learner status and course type will have a default set of access rights that has been agreed centrally. It is recognised that this default may not be appropriate for all situations and can, therefore, be overridden by adding or removing access rights. However, there will be certain access rights that cannot be overridden.

20 When a learner successfully completes their course, they will move from active to graduate status and their access rights will be modified accordingly. After the graduation ceremony, the learner will move from graduate to Alumni status.

21 If a student is in debt to the University and sanctions are applied, the Identity Management system will change the student to a debtor status and apply the access rights associated with that status.

22 All staff user types will be provisioned to use systems and given the access rights required to undertake their individual job or role at the University at that time. It is recognised that during a period of employment a member of staff's job or role may change, and therefore their access rights may also need to be modified accordingly.

23 Affiliates will be classified by different types, and each affiliate type will have a default set of access rights to determine what systems and services they will be provisioned for. The system used to manage affiliates should have a self-service front-end for affiliates to register themselves. For certain types of affiliate, an approval step may need to be undertaken by an administrator in the School/Service before they are provisioned for access to systems or services.

24 Some external organisations such as partner colleges or employers will be provided with Extranet access to specific University systems to undertake certain functions such as block booking of learners on courses, viewing of training records etc. Access rights will be agreed on a case-by-case basis and will form part of the contract with that external organisation. All employees of such organisations will be classified as affiliates, not as members of staff.

25 In some cases, an affiliate may need to be associated with a learner or group of learners. For example, an employee working for an external organisation may be identified as a mentor for a student or students and therefore require read access to the same unit pages on the VLE as the student(s) they are mentoring. Likewise, an affiliate may have the role of practice assessor, who will need increased access rights to the VLE so that they can view and assess the work of a cohort of students.

Source Systems and Data Quality

26 The Student Records System will be the single authoritative source of learner data for the Identity Management system. Changes in learner personal data, learner status and course enrolment data from the Student Records System will drive the identity management process.

27 The HR/Payroll System will be the single authoritative source of staff data for the Identity Management system. Starters and leavers and changes in staff personal data from the HR/Payroll System will drive the identity management process. Staff access rights within specific systems such as the Email, Student Records, Finance and Accommodation systems will be determined by their job/role and will be requested either by themselves or by their line manager if authorisation is required. Provisioning of such access is outside the scope of the Identity Management system.

28 The system used to manage affiliate records will be the single authoritative source of affiliate data for the Identity Management system.

29 Only the systems identified above will be used to create user identities, although other systems may cause the status of a user account or their access rights to be changed.

30 The Identity Management system is wholly reliant on the quality of data from its source systems and the timeliness of events within those systems to ensure that every user has the appropriate access rights at the correct time. It is the responsibility of the data owners to ensure that a high degree of data quality is maintained and that the system that holds that data is updated in a timely fashion.

Procedures

31 The creation of user accounts and provisioning/de-provisioning of services will be a fully automated procedure as a result of the integration of the Identity Management System with its source and target systems, except for those systems identified as being out of the scope of the Identity Management process, where this will be a manual process.

32 Schools, Academic Services and ICT will have the capability to override the default access rights for a course or course instance or for an affiliate type by adding or removing services as appropriate. This must be done before those users are provisioned for services, as the access rights cannot be changed retrospectively.

33 Identities and access rights should be created within 24 hours of the data being available in the source system and that individual being in a status eligible for an identity to be created. Identities may also be created via self-registration or via a manual request in certain circumstances.

34 Changes to access rights should be processed within 24 hours of the source system being changed.

35 Identities and access rights should be revoked within 3 working days of an individual no longer being eligible.

36 All Identity Management System transactions, both automated and manual, must be recorded in an audit log in order to investigate and deal with queries and exceptions and to support audit, reporting and review processes.

Other Sources of Information

37 Other University IT policies:
- IT01 IT Acceptable Use Policy;
- IT02 IT Security Policy;
- IT03 Internet Usage Policy;
- IT04 Email and Instant Messaging Usage Policy;
- IT05 Telephone and Mobile Phone Usage Policy;
- IT06 IT Hardware and Software Policy;
- IT07 Disposal of IT Equipment and Media Policy;
- IT08 Application Systems Policy

http://portal.solent.ac.uk/support/official-documents/policies-procedures-guidelines/information-communication-technology.aspx

Author(s): Kenton Wheeler, Head of ICT Technical Development
Owning committee: Management Information and Technology Committee
Approved by: Paul Colbran, Director of ICT
Date of approval: 9 July 2015
Version: 3.0
Next review date: August 2016
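The learner provisioning rules in paragraphs 16 to 21 and 32 (a default set of rights per status and course type, the union of rights across concurrent courses, off-campus exclusions, School/Service overrides that may not touch certain protected rights, and the active/graduate/Alumni/debtor status changes) amount to a small rule engine. The following is an added example written for this page, not the University's Identity Management system; the status names, course types, service codes, the default-rights table, the protected set and the debtor rights are all assumptions chosen to illustrate the rules.

```python
"""Added example: evaluator for the learner provisioning rules of paragraphs
16-21 and 32 of IT09. Illustrative only; every table below is an assumption."""
from dataclasses import dataclass, field

# Service codes for the systems paragraph 5 lists (the codes are ours).
PORTAL, VLE, EMAIL, LIBRARY, NETWORK, WIRELESS = (
    "portal", "vle", "email", "library", "network", "wireless")

# Assumed default rights per (learner status, course type), paragraph 19.
# A missing combination means no entitlements.
DEFAULT_RIGHTS = {
    ("active", "degree"):       {PORTAL, VLE, EMAIL, LIBRARY, NETWORK, WIRELESS},
    ("active", "short_course"): {PORTAL, VLE, WIRELESS},
    ("pre-enrolled", "degree"): {PORTAL, EMAIL},
    ("graduate", "degree"):     {PORTAL, EMAIL},
    ("alumni", "degree"):       {PORTAL},
}
DEBTOR_RIGHTS = {PORTAL}          # assumed rights for the debtor status (paragraph 21)
PROTECTED = {PORTAL}              # assumed rights an override may not add or remove (paragraph 19)
OFF_CAMPUS_EXCLUDED = {WIRELESS, NETWORK}   # not provisioned off campus (paragraph 18)
TRANSITIONS = {                   # status changes described in paragraphs 20 and 21
    ("active", "completed"): "graduate",
    ("graduate", "ceremony"): "alumni",
    ("active", "sanction"): "debtor",
    ("debtor", "sanction_lifted"): "active",
}


@dataclass(frozen=True)
class Enrolment:
    course_type: str
    off_campus: bool = False


@dataclass
class Override:
    """A School/Service override for one course type (paragraph 32)."""
    add: set = field(default_factory=set)
    remove: set = field(default_factory=set)


def override_errors(override):
    """Reasons an override is invalid; empty list means it may be applied."""
    errors = []
    touched = (override.add | override.remove) & PROTECTED
    if touched:
        errors.append(f"protected rights cannot be overridden: {sorted(touched)}")
    if override.add & override.remove:
        errors.append("override both adds and removes the same right")
    return errors


def apply_override(rights, override):
    errors = override_errors(override)
    if errors:
        raise ValueError("; ".join(errors))
    return (rights - override.remove) | override.add


def compute_rights(status, enrolments, overrides=None):
    """Rights for a learner: debtor sanctions win outright; otherwise the
    union over concurrent courses of (default - off-campus exclusions) with
    any per-course override applied."""
    if status == "debtor":
        return set(DEBTOR_RIGHTS)
    overrides = overrides or {}
    rights = set()
    for e in enrolments:
        course_rights = set(DEFAULT_RIGHTS.get((status, e.course_type), set()))
        if e.off_campus:
            course_rights -= OFF_CAMPUS_EXCLUDED
        if e.course_type in overrides:
            course_rights = apply_override(course_rights, overrides[e.course_type])
        rights |= course_rights
    return rights


def transition(status, event):
    """Next learner status, refusing transitions the policy does not describe."""
    try:
        return TRANSITIONS[(status, event)]
    except KeyError:
        raise ValueError(f"no transition from {status!r} on {event!r}") from None


def provisioning_delta(old_rights, new_rights):
    """Services to provision and de-provision when a learner's rights change."""
    return {"grant": sorted(new_rights - old_rights),
            "revoke": sorted(old_rights - new_rights)}


if __name__ == "__main__":
    learner = [Enrolment("degree"), Enrolment("short_course", off_campus=True)]
    before = compute_rights("active", learner)
    after = compute_rights(transition("active", "sanction"), learner)
    print(provisioning_delta(before, after))
```

The override check fails loudly rather than silently dropping the protected right, so a School/Service attempting to remove a right the policy reserves centrally sees the refusal instead of assuming the change took effect; and because paragraph 32 says overrides cannot be applied retrospectively, `provisioning_delta` is what a real system would feed to its target systems when a status change, not an override, alters the computed set.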
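Paragraph 36 requires every automated and manual transaction to be written to an audit log, and paragraphs 33 to 35 set the targets that log can be checked against: creation and changes within 24 hours of the source system, revocation within 3 working days of eligibility ending. The following is an added example written for this page, not the University's system; the record format, event names, actor values and sample records are constructed, and working days are taken as Monday to Friday with no closure-day calendar.

```python
"""Added example: checking an Identity Management audit log (paragraph 36 of
IT09) against the timeliness targets of paragraphs 33-35. Illustrative only;
the log format and sample records are constructed."""
from datetime import datetime, timedelta

SLA_HOURS = {"create": 24, "change": 24}   # paragraphs 33 and 34
SLA_WORKING_DAYS = {"revoke": 3}           # paragraph 35

# Constructed audit records. "source" is when the source system made the
# individual eligible or ineligible; "processed" is when the IdM system acted
# (None = not yet acted). 2015-09-14 is a Monday.
SAMPLE_LOG = [
    {"id": "s1234567", "event": "create", "source": "2015-09-14T09:00:00",
     "processed": "2015-09-14T10:15:00", "actor": "idm-auto"},
    {"id": "s1234568", "event": "create", "source": "2015-09-14T09:00:00",
     "processed": "2015-09-15T12:00:00", "actor": "idm-auto"},
    {"id": "e0004521", "event": "change", "source": "2015-09-16T17:30:00",
     "processed": "2015-09-17T08:00:00", "actor": "hr-feed"},
    {"id": "e0001987", "event": "revoke", "source": "2015-09-17T12:00:00",
     "processed": "2015-09-22T09:00:00", "actor": "idm-auto"},
    {"id": "e0002210", "event": "revoke", "source": "2015-09-17T12:00:00",
     "processed": "2015-09-23T09:00:00", "actor": "manual:ict-helpdesk"},
    {"id": "x9990001", "event": "revoke", "source": "2015-09-18T12:00:00",
     "processed": None, "actor": None},
]


def parse(ts):
    return datetime.fromisoformat(ts) if ts else None


def add_working_days(start, n):
    """Deadline n working days (Mon-Fri) after start, at the same time of day."""
    d = start
    while n > 0:
        d += timedelta(days=1)
        if d.weekday() < 5:
            n -= 1
    return d


def deadline_for(event, source_time):
    if event in SLA_HOURS:
        return source_time + timedelta(hours=SLA_HOURS[event])
    if event in SLA_WORKING_DAYS:
        return add_working_days(source_time, SLA_WORKING_DAYS[event])
    raise ValueError(f"unknown event type {event!r}")


def check_log(records, now):
    """One finding per record that missed its target ("breach") or is still
    open past it ("overdue"); records inside the target produce nothing."""
    findings = []
    for r in records:
        deadline = deadline_for(r["event"], parse(r["source"]))
        processed = parse(r["processed"])
        if processed is None:
            status, late_by = "overdue", now - deadline
        elif processed > deadline:
            status, late_by = "breach", processed - deadline
        else:
            continue
        if late_by <= timedelta(0):
            continue
        findings.append({"id": r["id"], "event": r["event"], "status": status,
                         "actor": r["actor"], "deadline": deadline.isoformat(),
                         "late_by_hours": round(late_by.total_seconds() / 3600, 2)})
    return findings


def check_sample(now_iso="2015-09-28T09:00:00"):
    return check_log(SAMPLE_LOG, parse(now_iso))


if __name__ == "__main__":
    for f in check_sample():
        print(f)
```

Open revocations ("overdue") are the finding a reviewer should read first: a leaver whose access has not been removed is the case paragraph 35 exists to prevent, and the actor field shows whether the lag sits in the automated feed or in a manual step.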