IT Standards & Support

Related Links

 

 

Position Brief: Access to Services (NetID Lifecycle)

Approved by Executive Tier on November 1, 2012

 

Background

iCIT provides NetID-based authentication to a number of campus services including email, file storage, student and employee records systems and others. Some of these systems are provided as campus wide services to enhance productivity and learning, while others are specific business systems that meet the operational needs of departments on campus.

These systems fall into two main classes:

Requirements and Issues for Access to Services

iCIT and the campus are challenged with providing appropriate and timely access to services when users are authorized as well as ensuring that access is removed when no longer needed. In order to provide a framework for designing access control systems that meet this need, we suggest that the three system classifications defined above serve as a basis for determining how and when users will be granted access to services as well as when that access will be removed.

iCIT will provide access (or will work with campus departments to ensure that access is provided) according to the following schedule for students:

Student Affiliations
Type of System Applies Enrolls Is no longer enrolled Graduates
Campus-wide System No access Access granted Retained for 180 days Retained for 180 days
Campus Business System Access granted(1) Access retained Access retained Access retained

 

(1)Access is granted to students to maintain their own information in WINS at application and is retained after graduation or active enrollment for ongoing access to the student’s own information.

iCIT will provide access (or will work with campus departments to ensure that access is provided) according to the following schedule for employees:

Employee Affiliations
Type of System Is Hired Changes Jobs Ceases Employment Retires
Campus-wide System Access granted Access retained Retained for 14 days Access retained(2)
Campus Business System Access granted Access reviewed(3) Access removed Access removed

 

iCIT provides an expedited process for disabling access for employees in situations that require an immediate suspension of access to electronic systems. To initiate this process, contact the TSC Helpdesk at 472-4357 or helpdesk@uww.edu.

Retention / Review of Business Records

In order to facilitate an appropriate transition of business records during a staff member’s departure, iCIT can make a copy of a departing employee’s email and network file storage available to the employee’s supervisor. This is done only upon request, and must be requested within 7 days of the employee’s end date and requires approval of Provost (or designee) in the case of faculty or Vice Chancellor of Administrative Affairs (or designee) in the case of all other staff.

Notification regarding loss of access

iCIT will provide automated notice to students, faculty and staff via email prior to removing access to campus-wide or enterprise communication services. It will be the responsibility of individual campus business system owners and supervisors to communicate access status for these employees. Where this access is manually granted / revoked, it will be the responsibility of the unit maintaining access to remove access as appropriate.

(2)Access for retirees will be maintained to the extent that cost and software licensing allow.

(3)Review process may require an additional request by employee or supervisor to retain access in new role

APPENDIX 1 – PROCESS FOR DISABLING EMPLOYEE EMAIL

1. When an employee’s appointment record is updated with an end date, a hold will be placed on the account to prevent deletion of email items. Items that are deleted will be placed in a ‘hold’ status and will not be purged from the system.

2. On the employee’s end date, a copy of the employee’s mailbox will be preserved and an automatic reply will be placed on the account. A mailbox copy can be provided to the employee’s supervisor on request and with appropriate approval, and an alternate wording for the default automatic reply can be provided by the employee’s supervisor.

3. Employee will be provided with access to mailbox for 14 days after the employee’s appointment end date.

4. After 14 days, a final copy of the mailbox will be archived and the account will be removed from the email system. This copy will also be provided to supervisor provided approval has been granted previously.