Effective Date: 01/25/2023
Owner: PPAC
Team Members: PPAC
1.0 PURPOSE
1.1 The purpose of this policy is to establish procedures and guidelines for the administration of computing accounts that facilitate access to or on behalf of Baker College information resources.
2.0 SCOPE DETAIL
2.1 This policy is applicable to those responsible for the management of user accounts or access to shared information or network devices. Such information can be held within a database, application, or shared file space. This policy covers departmental accounts as well as those managed centrally.
3.0 DEFINITIONS
AD
Active Directory, the directory structure that defines and controls access to Baker College resources.
Alumni
A student who has received a diploma or certificate from a Baker College program.
AUP
Acceptable Use Policy
EAS
The Enterprise Application Services team
ISS
The Infrastructure Security and Support team.
IT
Information Technology
ITSC
The Information Technology Solution Center team
Least Privilege
The principle of granting an account only those privileges that are essential to perform its intended function.
Non-Domain Accounts
Non-AD accounts that may or may not be used by Baker employees to manage other systems within the enterprise.
Position Code
Every employee is assigned one or more specific position codes that allow proper access to be granted, based on campus, department, division, etc.
SLA
Service Level Agreement defines the level of service expected by a customer from a supplier.
SME
Subject Matter Experts are the individuals responsible for documenting instructions and reviewing the compatibility of a resource with the College’s systems.
System Administrator
Administrator of all networking infrastructure, whether network hardware or servers.
TSS
The Technology Services and Support team.
UID
User Identity
4.0 GUIDELINES
4.1 All information that Baker College deems protected is to be stored on servers that require user authentication. Authentication is critical because it is the process by which a system confirms that a person or device really is who or what it claims to be, and through which access to the requested resource is authorized. Strong authentication protocols help both to protect personal and organizational information and to prevent misuse of organizational resources. Authenticating to any Baker College system constitutes full acceptance of the terms and conditions of the Acceptable Use Policy.
4.2 Baker Domain Accounts (UID)
4.2.1 Passwords
a.) Complexity
i.) The Baker College system will enforce password complexity requirements based on industry standards and to address security concerns.
b.) Faculty, staff, and vendor account passwords expire after 90 days.
c.) If there is reason to believe that any account has been compromised, the password must be changed immediately and both the ITSC and the account’s supervisor informed.
4.2.2 Life cycle
a.) Baker College uses a formal account management process to create, manage, and remove user accounts.
b.) Accounts must be unique and cannot be recycled.
c.) A Supervisor may request access to an individual’s electronic records once an account is terminated.
d.) Users who are existing students and/or alumni, and staff, may receive a new account when their employment with the college ends.
4.2.3 Baker Email Account Usage
a.) All official correspondence to/from the college will use an official Baker College email address and required formatting.
b.) All Baker College email users are responsible for the information received and are required to monitor their email account on a regular basis.
c.) All Baker College email users who redirect their official Baker College email address to another address do so at their own risk. The College will not be responsible for the handling of email by other email service providers. Email lost during redirection does not absolve users of the responsibilities associated with communication sent to their official Baker College email address.
4.2.4 Account Permissions
a.) When possible, applied via Position Codes or AD group membership using the principle of least privilege.
b.) Manually enabled permissions where applicable.
c.) Accounts that transition to another department / role should be audited.
4.3 Non-Baker Domain Accounts (all non-AD accounts; application specific)
4.3.1 Passwords
a.) Default passwords are prohibited.
b.) Must be changed in accordance with respective procedures or triggering event(s) (e.g. staffing changes, security breach).
c.) Complexity
i.) When possible, follow the AD complexity requirements.
4.3.2 Life cycle
a.) Account lifecycles must be SME defined for all non-domain accounts.
b.) Accounts must be unique and cannot be recycled.
4.3.3 Account Permissions
a.) Granted and maintained by SME using the principle of least privilege.
b.) Auditing.
i.) Accounts that transition to another department / role should be audited.
ii.) Application specific access should be audited.
4.3.4 Temporary account access (Guest Access/Vendor)
a.) Temporary account access might be provided for the following:
i.) WiFi, computer access, and access to secure physical areas.
b.) Temporary account access will require but is not limited to the following:
i.) Minimum password length, username requirement, and short life cycle.
5.0 RESPONSIBILITIES
5.1 IT
5.1.1 The role of Baker College Information Technology is to ensure IT systems, products, and services are used to support the institution while striving to achieve the IT SLAs.
5.1.2 The SME shall be responsible for maintaining a process to audit and manage accounts and access for any given application.
5.2 Supervisors
5.2.1 Request account creation and access modifications for employees reporting directly to them.
5.3 SMEs
5.3.1 Request and approve account creation and modifications for systems that they manage.
5.4 Admissions
5.4.1 Verify the student’s information is accurate.
5.5 Human Resources
5.5.1 Verify staff or faculty information is accurate.
5.5.2 Assign and maintain applicable Position Codes.
5.6 Security Analyst
5.6.1 After an account has been identified as compromised:
a.) Verify the compromised password has been changed.
b.) Inform the appropriate parties.
5.7 End User
5.7.1 The end user is responsible for understanding all Federal and State regulations that apply to their role(s).
5.7.2 Usage should adhere to all guidelines as specified by the AUP, Student Handbook, Faculty Handbook, and Employee Handbook.