I - Granting Access (Done by ǿմý SoDM IT)
- The assigned the ǿմý SODM IT Team member will check the record of merit for HIPAA training to ensure the end user has completed HIPAA training. If the end user was in the record of merit from previous employment, the ǿմý SODM IT Team member will move the status to ‘active’. If the end user is not in the record of merit, the ǿմý SODM IT Team member will inform the department that the user has not yet completed training and access will not be granted until HIPAA training has been completed and the record of merit updated.
- The assigned ǿմý SODM IT Team member will check that the end user's ǿմý Network ID is activated.
- Following completion of HIPAA Training, and activation of the user's ǿմý Network ID, on the date and time requested, the ǿմý SODM IT member will:
- add the end user to the requested Active Directory Access Groups.
- add the end user to the appropriate Google Apps Organization for them (School of Dental Medicine Student, Staff, etc.)
- a clinic software account will be made for the end user with the requested access level and set locked pending the end user setting their password for the system.
- meet with the new hire to explain network drives, proper problem reporting procedure and see if they require assistance in setting up email or other common computing tasks.
II - Removing Access (Done by ǿմý SoDM IT)
- The ǿմý SODM IT Team member who owns the access request ticket will:
- Terminate the end user’s access at the requested date and time (normally end of the day) by removing the user from ǿմý SODM Active Directory Groups and (if applicable) disabling their clinic software account(s).
- Change the end users’ status to ‘inactive’ in the HIPAA Record of Merit
- Access will be periodically audited as part of Quality Assurance’s HIPAA retraining compliance. The the ǿմý SODM HIPAA officer will provide a list of users found in the audit whose access is to be revoked.
III - Ordering New Equipment or Software
- All requests over $200 must be routed by the ǿմý SODM IT department through the Finance and Administration office for approval. Equipment or Software that is expected to be supported, integrated with existing systems, or connected to the ǿմý SODM network, should not be ordered without consultation with the IT department.
- New PC (computer or laptop) requests need to be submitted a month before they are needed.
- General equipment requests need to be submitted two weeks before they are needed.
- Non-standard equipment requests will need additional lead time for non-standard ordering processes to be completed and for compatibility checking with existing systems and system security.
- Software ordering requests need to be submitted one week before it is needed.
- All computers, peripherals, and related equipment are to be ordered by ǿմý SODM IT.
- ǿմý SODM IT will generate a quote (“Cart”) from one of the University’s preferred vendors. If the item is not available from a preferred vendor additional permissions may be required which can delay the purchase request.
IV - Moving Equipment
- Physical movement of technology equipment from one office/location to another must be coordinated with ǿմý SODM IT department for the purposes of inventory maintenance and quality assurance.
V - Equipment Disposal
- Dental School Electronic/technology equipment should be returned to the ǿմý SODM IT department when no longer in use. The ǿմý SODM IT Department will determine if the equipment is still useable (in which case it will be redeployed as determined by the ǿմý SODM IT Department), recyclable, or if it needs to be disposed of.
Equipment relinquished to IT is no longer a part of the individual department’s inventory
- Only equipment which is ǿմý SODM property is eligible for disposal by ǿմý SODM IT.
- Electronic/technology equipment that contains data will have the data storage media (hard drive) physically removed and electronically overwritten with a thorough overwriting process. If the data storage media is not able to be wiped, it will either be shredded/destroyed in house (in the case of small media) or disposed of through a vendor for industrial shredding.
- ǿմý SODM IT is responsible for removing terminated devices from the network registration (if applicable), removing it from Active Directory (if applicable), and updating internal inventories as to the decommissioning of technology equipment.