Employee Network Account Management Policy

Purpose

The purpose of this policy is to establish a standard for the management of CSB/SJU employee network accounts which facilitate access to information and technology resources at CSB/SJU.

Scope

This policy is applicable to the network accounts of CSB and SJU employees.  A network account, for the purposes of this policy, consists of an Active Directory user object and the resources assigned to it.

Policy

Automated Network Account Provisioning

Network accounts are provisioned for all CSB and SJU employees that have been assigned an active employee status in Banner by CSB/SJU Human Resources.  Information regarding newly provisioned network accounts is distributed to the employee’s supervisor.

Note: The automated network account provisioning process is run periodically throughout the day.

Automated Network Account De-provisioning

Employee network accounts are subject to the de-provisioning process when CSB/SJU Human Resources assigns a classification of “separated” to the employee’s record in Banner.

The network accounts of those employees matching the previously described criteria will be de-provisioned as follows:

  1. The network account will be immediately expired/disabled preventing the employee from logging onto it.
  2. CSB/SJU Human resources will receive a notification that the employee’s network account has been effectively disabled.
  3. The network account and resources associated with the account will be held for 180 days.
  4. After the account has been disabled for 180 days, the network account is archived and all resources are stripped from it.

Notes:

  • The automated network account de-provisioning process is run once per day.
  • If an employee is rehired after their network account has begun but not completed de-provisioning, the expiration date on the network account is cleared and the account falls out of the de-provisioning process.
     

Exceptions to Automated Network Account De-provisioning

Employees whose network accounts are subject to the network account de-provisioning process may request extended access in the following cases:

  • The employee is completing work for CSB/SJU beyond the end date of their contract.
  • The employee is assisting in the transition of their job functions to a new employee.

Those who fall into one of those categories and wish to apply for extended access to their network account need to:

  1. Contact their supervisor to gain approval for their request.
  2. Have their supervisor contact CSB/SJU Human Resources to relay approval of the request.  The request should include a reasonable end date for access.

Requests for Access to Resources Assigned to Network Accounts in Process of Being De-provisioned

Requests for access to the resources of a network account that has entered the process of being de-provisioned are considered by CSB/SJU Human Resources on a case by case basis.

Requests for access need to come from the department head or supervisor of the former employee and include:

  1. The resource where the sought for data may be stored.
  2. A description of the items being sought and/or terms that can be used in a search for the items.
  3. If blanket access to a resource is being sought, a reasonable end date for access needs to be included in the request.