Longwood University
Chief Information Officer:
Information and Instructional Technology
Services
201 High Street, Coyner 107, Farmville, VA
23909
Phone:
434.395.2034 Fax:
434.395.2035
| |
Longwood University |
Policy 6105
ACCESS TO INFORMATION
TECHNOLOGY
RESOURCES AND SYSTEMS
I. PURPOSE
The purpose of this policy is to identify the requirements for granting,
maintaining and terminating users’ access to University information technology
(IT) resources and systems.
II. POLICY
In general, access to and use of Longwood-owned IT
resources and systems will be limited to persons directly affiliated
with Longwood. Exceptions to this limitation are permitted under certain
conditions subsequently described.
A. Longwood Affiliated: Direct affiliation in this context means faculty, staff and students of Longwood University. Faculty includes persons holding either permanent or temporary appointments as well as adjunct faculty, instructors, retired faculty and visiting faculty. Faculty also includes those persons with faculty status such as research associates, research scientists and academic and service professionals. Staff includes all those non-faculty persons employed directly by Longwood or the Longwood University Foundation, either part-time or full-time, as well as retired staff. Students include any persons enrolled or who have signified their intent to enroll (by paying an admissions deposit) in the established academic programs of Longwood, including full or part-time students and degree or non-degree seeking students.
B. Not Longwood Affiliated:
1. Nature of the Work: Access to and use of IT resources and systems by persons not directly affiliated with Longwood must involve work to be performed which satisfies at least one (1) of the following conditions:
a. the work relates directly to or is in support of Longwood sponsored activities.
b. the work involves use of IT resources and systems available only from Longwood and can be accommodated without disruption to established Longwood workloads.
2. Approval for Access: Requests for access by persons not directly affiliated with Longwood must be sponsored by a Longwood employee who agrees to assume responsibility for use and adherence to the Acceptable Use of Information Technology Resources and Systems Policy. Requests must be submitted by the sponsor in writing to the Chief Information Officer for approval.
Requests must identify the person(s) needing access, describe the access needed, indicate the duration of the access (not to exceed 1 year), and provide names, addresses and phone numbers for technical contact individuals.
C. Granting Privileges: Access to Longwood IT resources and systems is granted only for the resources and systems that are necessary for an individual to perform his or her duties, is explicitly granted by the data owner or his or her designee to an individual and is assigned via a unique access account/ID. Authentication is required at the time of access through the use of a password, ID card, etc. (see Authentication Policy).
D. Accountability: The owner of an access account/ID is accountable for its use. It is the ID owner's responsibility to protect the integrity of accessible systems and preserve the confidentiality of accessible information as appropriate. Beyond the account/ID creation process any subsequent access to any discrete resources and/or data must be authorized by the appropriate data owner. Under no circumstances can the data owner, the data owner's authorized alternate or any other individual authorize access for him or herself.
E. Terminating Access:
1. General Requirements: Access will be promptly terminated when the need for that access no longer exists. The Information Security Officer or his or her designee reserves the right to suspend and/or terminate any access privileges he or she determines to be a potential threat to the confidentiality, integrity or availability of any sensitive IT resources and systems.
2.
Specific Requirements:
a. Faculty, staff and retirees: Faculty, staff and retiree access will be terminated after a period of 12 months of account inactivity.
b. Students:
(1) Access granted for students as part of their employment by the University will expire no later than the end of each academic year.
(2) Academic Unix server access for students will be reviewed every six months for inactivity and inactive accounts will be subsequently removed.
F. Access Reviews: Commensurate with sensitivity and risk, all access will be reviewed periodically for accuracy by the data owner(s).
G. Exceptions and Exemptions: Exceptions to or exemptions from any provision of this policy must be approved in writing by the Chief Information Officer or his or her designee.
III.
ENFORCEMENT
The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.
Approved by the Board of Visitors, September 7,
2002.
Revised March 20, 2004.
Revised April 1, 2005.
Revised and approved by the Board of Visitors, September 15, 2006.
Revised and approved by the Board of Visitors, December 7, 2007.
Revised and approved by the Board of Visitors, September 12, 2008.
Revised and approved by the Board of Visitors, March 27, 2009.
http://www.longwood.edu/vpaf/FINAL_POLICY_BASE/6000/6105procedure.htm