Longwood University
Chief Information, Technology, and Facilities Officer:
Information and Instructional Technology Services
201 High Street, Coyner 107, Farmville, VA 23909
Phone: 434.395.2034 Fax: 434.395.2035

Policy 6105
ACCESS TO INFORMATION TECHNOLOGY RESOURCES AND SYSTEMS

I.     PURPOSE 

Longwood is responsible for assuring the confidentiality, integrity and availability of its information technology resources and systems. While it is the responsibility of the data owners to determine and implement appropriate security controls, ultimately the integrity of shared information technology resources and systems depends on responsible behavior on the part of the users of information technology resources and data within Longwood. The purpose of this policy is to ensure that all users are aware of the procedures utilized to grant and revoke their access privileges.

II.     POLICY

In general, access to and use of Longwood-owned information technology (IT) resources and systems will be limited to persons directly affiliated with Longwood. Exceptions to this limitation are permitted under certain conditions subsequently described.

A.  Longwood Affiliated: Direct affiliation in this context means faculty, staff, and students of Longwood University. Faculty includes persons holding either permanent or temporary appointments as well as adjunct faculty, instructors, retired faculty and visiting faculty while in residence at Longwood. It also includes those persons with faculty status such as research associates, research scientists and academic and service professionals. Staff includes all those non-faculty persons employed directly by Longwood or the Longwood University Foundation, either part-time or full-time, as well as retired staff. Students include any persons enrolled or who have signified their intent to enroll (by paying an admissions deposit) in the established academic programs of Longwood, including full or part-time students and degree or non-degree seeking students.

B.  Not Longwood Affiliated

1.  Nature of the Work: Access to and use of IT resources and systems by persons not directly affiliated with Longwood must involve work to be performed which satisfies at least one (1) of the following conditions:

a. the work relates directly to or is in support of Longwood-sponsored activities.

b. the work involves use of IT resources and systems available only from Longwood and can be accommodated without disruption to established Longwood workloads.

2.  Approval for Access: Access by persons not directly affiliated with Longwood must also be sponsored by a Longwood department or organizational entity willing to assume responsibility for use and adherence to the Acceptable Use of Information Technology Resources and Systems Policy. Access requests for persons not directly affiliated with Longwood must be submitted by the sponsor in writing to the following office for approval: Chief Information Officer, or his/her designee, Longwood University, Coyner Building, 201 High Street, Farmville, Virginia 23909.

Requests must identify the person(s) needing access, describe the work to be performed, the duration of the access desired, and provide names, addresses and phone numbers for technical contact individuals.

C.  Granting Privileges: Access to Longwood IT resources and systems is based on least privilege, is explicitly granted by the owner or designee, and is assigned via a unique access account/ID. Authentication is required at the time of access through the use of passwords, ID cards, etc. (see Authentication Policy).

D.  Accountability: The owner of an access account/ID is accountable for its use. It is the ID owner's responsibility to protect the integrity of accessible systems and preserve the confidentiality of accessible information as appropriate. Beyond the account/ID creation process any subsequent access to any discrete resources and/or data must be authorized by the appropriate data owner as outlined in the Ownership of Data Policy. Under no circumstances can the data owner, their authorized alternate, or any other individual authorize access for themselves.

E.  Terminating Access: In general, access will be promptly terminated when the need for that access no longer exists. The Information Security Administrator reserves the right to suspend and/or terminate any access privileges he or she determines to be a potential threat to the confidentiality, integrity or availability of any sensitive information technology resources and systems of Longwood.

Offices Authorized to Request Information: The following offices are authorized to request access to the Online SIS/FRS systems in the respective areas listed below:

1.  SIS - Student Information System User Group Representatives:

a.  For student records:  Registrar's Office

b.  For cashiering and student accounts records: Student Accounts Office

c.  For financial aid records: Financial Aid Office

d.  For admissions records:  Admissions Office

2.  FRS - Financial Reporting System User Group Representatives: For all financial and budget related records:  Budget Office.

F.  Access Reviews: At a minimum, all access to the SIS/FRS systems and sensitive data, as defined by the Business Impact Analysis/Risk Assessment Policy, will be reviewed for accuracy by the data owner(s) on an annual basis.  A review will be conducted every six (6) months for inactivity and subsequent removal of email access for retirees and Academic Unix server access for students.

G.  Exceptions and Exemptions:  Exceptions to or exemptions from any provision of this policy must be approved in writing by the Chief Information Officer, or his/her designee, for Longwood University.

Approved by the Board of Visitors, September 7, 2002.
Revised March 20, 2004.

Revised April 1, 2005.

Procedures for Policy 6105
