Policy Number
VII:01:28
Purpose
The purpose of this policy is to establish procedures for requesting, enabling, and disabling of computer accounts and accesses for faculty and staff.
Policy
- Disabling of accounts
- All accounts, regardless of role, will be disabled after 30 days if the account is not accessed via computer, portal, or email login. If the employee is no longer employed by Volunteer State, the account will be deleted. If the employee is actively employed, the account will be re-enabled via request to the IT helpdesk.
- Risk tolerance: A 30-day window of inactivity is considered to be a low-security risk, except in cases noted in the account role tables below.
- Definition of roles
- Access policies are defined by a role-based perspective. The roles defined below are designed with the understanding that future roles may be defined in the future, and that an individual may have more than one role. For example, a staff member may also be an adjunct faculty.
- The primary roles are:
- Full-time faculty member
- Adjunct faculty member
- Full-time staff
- Part-time/temporary staff
- Volunteer/non-employee/contractor
- Elevated security accounts (may exist in departments such as Financial Aid, Information Technology, Business and Finance, Records, and Admissions and may be full-time or part-time.)
- Breakdown of access type
- In order to simplify access and define risk and tolerance, the access levels are defined as follows:
- Basic: Email access, computer logon, wireless network access, network folder access, Self Service Banner (SSB).
- All access to systems beyond basic is granted by the account role. Such systems that require elevated access are:
- D2L
- Banner
- Other departmental and college systems
- Accounts will be created and deleted based on triggers. These triggers are based upon Banner as the source of authority. All accounts, as noted above, are subject to a 30-day inactivity-based disable. Account triggering activities are:
- Employment start date
- Employment separation date
- In order to simplify access and define risk and tolerance, the access levels are defined as follows:
- Access tables
The tables below lay out the creation and deletion activities for each account role, as well as the risk and tolerance for each role.
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Full-time Faculty | ||||||
| Basic | New hires are granted access upon population of PEAEMPL by Human Resources. | Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be disabled on the effective date (last paid date) from the Personnel Action Form. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Department heads will be granted 30 days email and network folder access for review. After 30 days, account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | Upon request and approval by Banner Data Custodians. Refer to VII:01:25 Banner Access Request Policy for process and information. | Notifications: Information Technology, Department Head, Data Approvers | Effective date from the Personnel Action Form or request by department head. | Low risk: Banner access granted to this role carries low risk of manipulation of data. | ||
| D2L | Automatic creation from Banner once basic account is created. | Part of basic notification. | Account will be disabled on the effective date (last paid date) from the Personnel Action Form. | De-provisioned with basic account. | Low Risk: Account carries low risk to data or systems. | |
| Other College Systems | Upon request to Information Technology or departmental system administrator | Notifications: Information Technology, Department Head | Account will be disabled on the effective date (last paid date) from the Personnel Action Form. | Low Risk: These accounts carry little risk to systems or sensitive information. | ||
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Adjunct Faculty | ||||||
| Basic | -New hires are granted access upon population of PEAEMPL by Human Resources. - Deans are responsible for requesting accounts for their division by completing and submitting an Adjunct Faculty Account Authorization form. |
Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Adjunct faculty accounts are considered low risk. Accounts will not be automatically disabled. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | No Banner access will be granted to adjunct faculty. | |||||
| D2L | Automatic creation from Banner once basic account is created. | |||||
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Full-time Staff | ||||||
| Basic | New hires are granted access upon population of PEAEMPL by Human Resources. | Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be disabled on the effective date (last paid date) from the Personnel Action Form. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Department heads will be granted 30 days email and network folder access for review. After 30 days, account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | Upon request and approval by Banner Data Custodians. Refer to VII:01:25 Banner Access Request Policy for process and information. | Notifications: Information Technology, Department Head, Data Approvers | Effective date from the Personnel Action Form or request by department head. | Low risk: Banner access granted to this role carries low risk of manipulation of data. | ||
| D2L | Not applicable | |||||
| Other College Systems | Upon request to Information Technology or departmental system administrator | Notifications: Information Technology, Department Head | Account will be disabled on the effective date (last paid date) from the Personnel Action Form. | Low Risk: These accounts carry little risk to systems or sensitive information. | ||
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Part-time/Temporary Staff | ||||||
| Basic | New hires are granted access upon population of PEAEMPL by Human Resources. | Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be disabled on the effective date (last date available) from the Personnel Action Form. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Department heads will be granted 30 days email and network folder access for review. After 30 days, account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | Upon request and approval by Banner Data Custodians. Refer to VII:01:25 Banner Access Request Policy for process and information. | Notifications: Information Technology, Department Head, Data Approvers | Effective date from the Personnel Action Form or request by department head. | Low risk: Banner access granted to this role carries low risk of manipulation of data. | ||
| D2L | Not applicable | |||||
| Other College Systems | Upon request to Information Technology or departmental system administrator | Notifications: Information Technology, Department Head | Account will be disabled on the effective date (last date available) from the Personnel Action Form. | Low Risk: These accounts carry little risk to systems or sensitive information. | ||
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Volunteer/Non-employee/Contractor | ||||||
| Basic | Department head will submit a Non-Employee Account Authorization form to Information Technology | Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be disabled based on notice from the Department Head in which this role resides. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | Access will not be granted. Exceptions may be requested by written approval of the Chief Information Officer and upon request and approval by Banner Data Custodians. Refer to VII:01:25 Banner Access Request Policy for process and information. | |||||
| D2L | Not applicable | |||||
| Other College Systems | Upon request to Information Technology or departmental system administrator | Notifications: Information Technology, Department Head | Account will be disabled based on notice from the Department Head in which this role resides. | Low Risk: These accounts carry little risk to systems or sensitive information. | ||
| Role | Access Type | Account Creation | Actions on Creation | Account De- provision Timing | Actions on De-provision | Risk And Tolerance |
| Elevated Security Accounts | ||||||
| Basic | New hires are granted access upon population of PEAEMPL by Human Resources. | Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be disabled on the effective date (last paid date) from the Personnel Action Form. Notifications: Human Resources, Payroll, Department Head, Information Technology, Campus Police |
Account will be deleted. | Low Risk: Basic account access carries little risk to systems or sensitive information. | |
| Banner | Upon request and approval by Banner Data Custodians. Refer to VII:01:25 Banner Access Request Policy for process and information. | Notifications: Information Technology, Department Head, Data Approvers | Effective date from the Personnel Action Form or request by department head. | High risk: This elevated access caries high risk to systems and information and should be deleted on last working day. | ||
| D2L | Not applicable | |||||
| Other College Systems | Upon request to Information Technology or departmental system administrator | Notifications: Information Technology, Department Head | Account will be disabled on the effective date (last paid date) from the Personnel Action Form. | Low Risk: These accounts carry little risk to systems or sensitive information. | ||
VSCC Source: President’s Cabinet, March 5, 2018. President’s Cabinet, December 16, 2019.
