Identity, Access Control and Account Management Policy Overview
Introduction
This policy promotes good practice to ensure appropriate access to information systems and subsequent sensitive data is managed and documented. The policy contains essential information regarding both staff and student user accounts, the creation and use of shared and visitor accounts on the University network, with respect to access to University IT systems, circumstances when accounts may be disabled, and refers the user to the Regulations for the use of IT Facilities and Learning Resources document.
Key Points
- Access rights to information systems must be controlled, only granted access to systems that are necessary to fulfil their roles and responsibilities and be provided with the minimum privileges necessary to fulfil those roles and responsibilities
- Requests for special accounts and privileges must be formally documented and approved by the system owner and the requestors line manager
- When a member of staff changes role, the new line-manager is responsible for Change of Role requests for access and the old line-manager is responsible for the removal of access
- Student accounts shall be created for the students when they have accepted a place of programme of study and are regarded as provisionally enrolled
- Individual user accounts are created for sole usage
- Application and service accounts must only be used by application components requiring authentication
- When a generic or role-based username is required, a shared account may be created but only for specific purposes which are recorded along with the details of individual users for tracking purposes
- University IT systems misuse and abuse will be investigated using the University Problem Resolution Framework (Link for SHU staff only).
The Policy Document
The complete policy can be found here.
Guidance
Further guidance is currently under development.
For SHU staff the DTS Intranet Help pages contain further guidance on
- DTS Help Pages notifying DTS of starters, leavers, and changes in role. (SHU staff only)
