Authorization and Access Control

IT Resource Security Standards - Authorization Access Control

All IT Resources are to be configured in a manner that allows individuals only the minimum privileges required to complete the task assigned to them. Privileges assigned to individuals must be reviewed on a regular basis, and modified or revoked upon a change in status with the University.

All authorized third parties, including contractors, consultants or other non-employees must only be given access privileges to IT Resources when the IT Resource owner or designate determines that they have a legitimate business need. These privileges must be enabled only for the time period required to accomplish approved tasks and then promptly disabled upon completion of those tasks