IT Policies
white space
 

Termination of User Access Policy

(Updated 9.20.2006)

Purpose

The principle of access control is to limit access to users who have valid reasons for accessing computers, systems, or data. Access control is a key component of information security. It is critical the access privileges be revoked in a timely manner when users terminate their relationship with the University or transfer to a job with different duties and responsibilities.

Scope

This policy applies to all members of the University at Buffalo community (students, faculty, staff, contractors, volunteers, consultants, temporary employees, visitors) with access to UB computing or network resources.

Policy

Access privileges must be revoked immediately upon notification when a user no longer has a need for such access.

Responsibilities

  • Supervisors are responsible for notifying their local department administrator (appointment person) when an employee, including a student or graduate assistant, terminates appointment or transfers to a new position with new duties and responsibilities.
  • Local Department Administrators are responsible for the following:
    • Sending email to the alias ub-account-term@buffalo.edu, notifying those who administer central accounts (UB IT, Infosource, and mainframe accounts) that an employee has terminated appointment or transferred to a new position with new duties or responsibilities, and that access to centrally-administered accounts must be reviewed and appropriate action taken. In the case of Infosource access, the appropriate access control administrators will be notified that the employee has terminated appointment or transferred to a new position and that access must be reviewed and appropriate action taken.
    • Consulting with the local IT support manager, notifying him/her that an employee has terminated appointment or transferred to a new position with new duties or responsibilities, and that access to department accounts and resources must be reviewed and appropriate action taken.
  • Access Control Administrators are responsible for revoking the access of users who no longer have a need for access to data.
  • Users (UB IT Account Holders) have the responsibility to keep their @buffalo.edu forwarding addresses current and accurate, using the buffalo.edu email forwarding tool ( http://ldap.buffalo.edu/forward.html). After access privileges have been revoked, should CIT receive a complaint of a broken email forwarding address set for a deactivated @buffalo.edu email address, and the user has left UB, CIT will remove the forwarding address (thus, email to the @buffalo.edu address will bounce to the sender). If the user does not leave UB, e.g., when a staff member leaves to become a student at UB, should CIT receive a complaint of a broken forwarding address, we will make a reasonable effort to inform the user of a broken forwarding address. If the effort to contact the user fails, CIT will remove the forwarding address.
  • The Associate VP for IT is responsible for communicating, maintaining, and enforcing this policy.

Policy Review and Update

The Associate VP for Information Technology or his designee will periodically review and update this policy as needed. Questions concerning this policy should be directed to the Office of the Associate VP for Information Technology.
  white space
  



Related Links

» UB Computer and Network Use Policy
» UB IT Account Policies
» Email Policy


Copyright 2007, University at Buffalo, All rights reserved.