Overview
Approved by: Office of the President
Date approved by President or Board of Trustees: Oct 30, 2009
Effective date: Oct 30, 2009
Responsible Official: Chief Information Security Officer
Responsible University Office: UTech Security and Policy
Revision History: 2
Related legislation and University policies:
Acceptable Use of Information Technology (AUP), Human Resources Policy Employee Classification and Status, Human Resources Policy Termination of Employment, Human Resources Procedure Termination of Employment, HIPAA Research and Privacy Board Policy
Review Period: 3 Years
Date of Last Review: August 21, 2024
Relates to: Faculty, Staff
Summary
The Early Account Closure policy is defined to inform and instruct managers and supervisors on the account termination process to be used. This procedure coordinates actions between IT Services and the Department of Human Resources and is governed by the Network Account Closure Policy.
This procedure applies to all Directory accounts in the UTech infrastructure.
Purpose
When a person leaves the University, their network accounts are terminated or suspended in accordance with the Network Account Closure Policy. It is understood that there are conditions that would warrant suspension of network privileges earlier than the standard time frames. Examples of such conditions are:
- immediate termination of an employee under conditions that a risk to information or information technology assets exists for the University
- a student is suspended via judicial process and the current grace period is no longer applicable
- a violation of the University's Acceptable Use Policy for any account holder (e.g. alumni or affiliate)
- the person serves as a systems administrator and has elevated privileges for University IT systems and information
Procedure
Requests. Supervisors can request immediate termination of an employee's network account for emergency cases by contacting the office of in the Department of Human Resources.
Approval. When a request is received for an early account termination for an employee (faculty or staff), the Department of Human Resources will review the request for validity and applicability. If the early account closure request is approved, then notification will be made to terminate the user account. The representatives from Employee Relations will then send an email request to the address:
account-closure-hr[at]case[dot]edu
When a request is received for a student, alumni, or affiliate account, the Information Security Office will review the request with the appropriate University governing organization.
Middleware Engineering will only process early account termination requests from the Department of Human Resources or the Information Security Office. When requests are denied, the standard account termination processes will remain in effect.
Implementation. When requests are approved, the Middleware Engineering staff will complete any necessary system changes and respond to the Department of Human Resources or the Information Security Office within 24 hours or within an agreed upon timeframe.
Non-infrastructure Accounts. It should be noted that when a terminated user has account access to IT systems that are managed outside the scope of Directory Accounts, the supervisor is responsible for assuring that these accounts are also terminated. Examples include local server accounts, vendor accounts, and any shared departmental resources. Additional considerations for the ERP systems can be addressed by the Information Security Office.
Responsibility
Supervisor, Manager, Department of Student Affairs, University Counsel: Identify potential early closure situations for departing users and forward requests in accordance with this procedure.
Chief Information Security Officer: Assure quality and consistency of the procedure and policies. Define and communicate the University risk posture in accordance with information protection controls.
Employee Relations, Department of Human Resources: Maintain information pertinent to employee status and approve/disapprove early termination requests.
Information Security Staff: Perform risk assessment activities to evaluate need and scope of account terminations.
Middleware Engineering Staff: Evaluate and implement account change requests. Report task completion.