Approved by Executive Tier on November 1, 2012
ICIT provides NetID-based authentication to a number of campus services including email, file storage, student and employee records systems and others. Some of these systems are provided as campus wide services to enhance productivity and learning, while others are specific business systems that meet the operational needs of departments on campus.
These systems fall into two main classes:
Enterprise Communication and Collaboration Systems
These services are provided for all campus users to enhance productivity and learning. ICIT will make these services available to campus members as early in their lifecycle and for as long as it is cost-effective to do so from a resource and software licensing perspective. Examples of these services include access to the campus wired and wireless network, campus email and file storage services, access to General Access computing labs and access to campus printing services.
Campus business systems
These systems directly support the operational missions of the University or enhance the productivity of a particular office and frequently contain sensitive information. Rights and permissions in these systems are granted based on a user’s job responsibilities and must be reviewed and adjusted when a user changes jobs. Access to these systems will be granted only based on business need and will be removed as soon as is practically possible after the need is no longer present. Examples of these services include access to the campus student records system (WINS), campus document imaging (ImageNow) and access to the UW System human resources system (HRS).
ICIT and the campus are challenged with providing appropriate and timely access to services when users are authorized as well as ensuring that access is removed when no longer needed. In order to provide a framework for designing access control systems that meet this need, we suggest that the three system classifications defined above serve as a basis for determining how and when users will be granted access to services as well as when that access will be removed.
ICIT will provide access (or will work with campus departments to ensure that access is provided) according to the following schedule for students:
|Type of System||Student Affiliations Aplies||Enrolls||Is no longer enrolled||Graduates|
|Campus-wide System||No access||Access granted||Retained for 180 days||Retained for 180 days|
|Campus Business System||Access granted (1)||Access retained||Access retained||Access retained|
(1) Access is granted to students to maintain their own information in WINS at application and is retained after graduation or active enrollment for ongoing access to the student's own information.
ICIT will provide access (or will work with campus departments to ensure that access is provided) according to the following schedule for employees:
|Type of System||Employee Affiliations Is Hired||Changes Jobs||Ceases Employment||Retires|
|Campus-wide System||Access granted||Access retained||Retained for 14 days||Access retained (2)|
|Campus Business System||Access granted||Access reviewed (3)||Access removed||Access removed|
ICIT provides an expedited process for disabling access for employees in situations that require an immediate suspension of access to electronic systems. To initiate this process, contact the TSC Helpdesk at 472-4357 or email@example.com.
In order to facilitate an appropriate transition of business records during a staff member's departure, ICIT can make a copy of a departing employee's email and network file storage available to the employee's supervisor. This is done only upon request, and must be requested within 7 days of the employee's end date and requires approval of Provost (or designee) in the case of faculty or Vice Chancellor of Administrative Affairs (or designee) in the case of all other staff.
ICIT will provide automated notice to students, faculty and staff via email prior to removing access to campus-wide or enterprise communication services. It will be the responsibility of individual campus business system owners and supervisors to communicate access status for these employees. Where this access is manually granted / revoked, it will be the responsibility of the unit maintaining access to remove access as appropriate.
Service level agreements (SLA's) allow Information, Communication and Information Technology to offer colleges, departments and university organizations IT services on an enterprise level.