The purpose of this document is to:
- Delineate the circumstances under which IT is authorized to grant or restrict account access
- Ensure decisions to grant or restrict account access are made at the appropriate level
- Protect information technology resources from unauthorized access
- Comply with university, system, state, and federal investigations
- Provide business continuity at the time an individual separates from the university
Who should read this document:
- IT staff and student employees, UNLV employees seeking access to accounts other than their own, and approving authorities.
Information Technology Internal Policy
- IT will only grant and/or restrict access to information technology resources with consent of the account holder or upon authorization from the appropriate approving authority.
- In the event the approving authority is not clear, General Counsel will determine the appropriate approving authority.
Definitions
- Account Holder - A current student, employee, or individual granted a guest account. Individuals who have separated from the institution are no longer considered account holders.
- Approving Authority - The appropriate cabinet-level administrator for the account holder; any member of the Office of General Counsel; senior leader in the Office of Human Resources; or senior leader in the Office of Student Conduct. In cases where the expedited procedure applies, the approval authority is the former account holder’s supervisor.
SECTION 1: Expedited Procedures for Account Access
Expedited Procedure for Former Account Holder Access within Seven Days of Separation
- Within seven days of an account holder’s separation date from the university, access may be granted to personal files on university IT resources with the approval of the individuals supervisor. Access will be granted for no longer than 24 hours.
- Expedited requests will be handled by the IT Help Desk.
- Beginning with the eighth day of separation from the the university, former account holders must follow the procedures outlined in the next Section 2.
SECTION 2: Full Procedures for Account Access
Procedure for Making Requests
1. The requester sends a written description of the action desired with a short description of the reason for the action to the approving authority or the Chief Information Security Officer (CISO).
2. If necessary the CISO will reach out to the approving authority for authorization.
3. The CISO will create an authorization ticket for the technical team to grant access. The technical team member is informed that confidentiality must be maintained and only the people needed to complete the task should be informed of the action.