Initially Approved: August 25, 2006
Revised: August 10, 2015
Revised: April 10, 2017
Revised: January 28, 2019
Technical Changes: June 20, 2019
Revised: June 30, 2020
Revised: June 10, 2025
Revised: July 1, 2025
Policy Topic: Information Technology
Administering Office: Office of the CIO
Information technology resources are provided to support the University's mission. To ensure that these shared and finite resources are used effectively to further the University's mission, the integrity of the resources must be protected and access to the resources must be properly controlled.
This policy applies to all individuals assigned a non-student University account who access the University's information technology resources, whether the resources are located on or off-campus, and whether University-owned or contracted for use by the University.
ٱ鴡” means subject to the Human Resources Act (formerly SPA).
“E鴡” means Exempt from the Human Resources Act (formerly EPA).
“Non-Faculty Employees” includes all SHRA and EHRA non-faculty
“Faculty Employees” includes tenured-track and fixed-term appointment faculty
“Temporary Faculty Employees” includes adjunct faculty, teaching and lab graduate assistants
“Administrative Student Workers” students who need access to administrative systems, including graduate research assistants
“Affiliate Non-Faculty” includes guests, volunteers and interns
“Affiliate Faculty” includes third-party individuals providing instructional services to an academic
unit and not paid by the University
“Affiliate Former Faculty” includes Emeritus in Waiting and former adjunct faculty between contracts which are
within a year of last contract
ٳܱ” a vendor that provides software or IT services through a contract or other agreement.
IT Services include the support or implementation of university technology infrastructure
or operations
“CDzԲܱٲԳ” a third-party providing non-IT and non-instructional consulting services to business
offices or functional users
“Emeritus Status” retired professors or chancellors who have emeritus approval “Information Technology
Resource” means any system, media or software used to transmit, store or process information
or data.
“U” means any individual assigned a non-student University account to utilize a University
information technology resource as defined above.
ٱ貹پDz” means the employee left employment with the University and is no longer affiliated
with an employment agreement.
The Information Technology (IT) Division’s Networking & Communications (Networking & Communications) Services has the responsibility for the design, maintenance, and security of the university’s data network. To ensure the integrity of the network:
Access to university information technology resources may only be granted to users who have completed and submitted all requisite compliance documents as defined by the IT Division. For initial access and termination of access, the guidelines detailed below control access based upon the user’s employment or appointment status.
In most cases, access to information technology resources will terminate on a user’s last work/contract date. In some cases, access will terminate on a user’s last pay date. In cases where separations are deemed involuntary, the Division of Human Resources and Payroll (HR) will immediately terminate access.
Hiring officials may not enter into employment contracts that commit the university outside the scope of this policy.
All users obtaining non-student accounts are required to read and accept a Confidentiality and FERPA agreement when electronically claiming their account. Other compliance documents differ by user type and are outlined below in sections C and D.
Employee user accounts will be created upon receipt of 1) a fully executed employment contract or a letter offer of employment that has been accepted in writing by the employee, and 2) all compliance documents required by HR. Access to the account will be granted as follows:
Non-Paid user accounts will be created upon receipt of 1) a fully executed contract or other engagement document; and 2) a completed IT Guest/Consultant access request form or an approved equivalent electronic request. Access to the accounts will be granted as follows:
For departments expecting to re-hire former adjunct faculty that do not already have Emeritus status within a year, the Academic Dean or department head must request the account remain active as an Affiliate Former Faculty. HR will process the request and verify a change of status. The term for this status is no more than one year. Users will automatically be moved from this user type to a faculty type by a change in status performed by HR.
For individuals that are Emeritus in Waiting, HR will update their status and their account will automatically be changed to Affiliate Former Faculty for up to one year while they await the decision on Emeritus status.
When user access is terminated per this policy, the account will be placed in a disabled status for one (1) year. During that time, the last supervisor may request that the email content or personal network storage content from the user be delivered to them. One (1) year after the account has been disabled, it will be deleted, which will also delete the user’s email content and personal network storage folders unless additional time is permitted by the CIO.
Employees returning to the University after separation generally will not retain previous content or system access permissions (i.e. the account will be re-provisioned). However, adjunct faculty and other time-limited positions that work on a recurring basis may retain access to previous content and systems if they return within twelve (12) months.
It is the responsibility of each department to provide timely notification of all changes related to employment and termination to HR to comply with the timeframes set forth in this policy. Departmental notifications and personnel processing actions are subject to audit by the University’s Internal Auditor and by external auditors. As such, the timeframes for compliance rest at the departmental level.
This policy shall be reviewed and revised as necessary every two (2) years.
International Standards Organization (ISO/IEC 27002:2022, Clause 5 Organizational Controls, Clause 6 People Controls and Clause 8 Technological Controls)