University Management Systems
University of Colorado System
 
*CU System Home

  * Home
  * Help Line 
  * UMS Overview 
  * Access & Security
  * Production Services
 * SIS Development
  * HR & Financial Systems Development
  * System Availability
  * Advanced Technologies
  * Operations & Infrastructure
  * LAN & Desktop Services
  * UMS Staff Information
     
     
office of the president
explore the cu system
system services
news and events




LAN & Desktop Services - Policy for the Creation and Management of Accounts

Effective Date: February 1, 2005
Topic:
Creation and Management of Accounts on the UMS LAN
Prepared by: Lindsay Winsor
Approved by: Dave Makowski, Assistant Vice President for Computing and Information Systems
Applies to: All Users and Administrators of the UMS LAN
Initial Distribution: System Administration LAN Coordinators, UMS LAN Support
Replaces: No Prior Policy

PURPOSE

This policy is intended to improve the security of data stored on the UMS LAN by providing sound account management. For an account to be established on the UMS LAN, it is now necessary to have a signed and dated request from a System Administration supervisor, providing the necessary information to assure the identity of the individual requesting account access.

POLICY

Eligibility for Accounts

UMS LAN accounts may be created for individuals who are:

  • University employees in System Administration departments supported by the UMS LAN;

  • Others who are formally sponsored by someone in one of the above mentioned departments.

LAN accounts may not be created for groups of individuals except as workflow tools, nor may they be created for “positions” and passed from person to person occupying those positions.

Temporary and Durable Account Requirements

A temporary account may be set up based on a request from a known System Administration person on behalf of another person. All that is required to establish such an account is the user’s name and the department with which they are to be associated. A durable account may be set up based on a request submitted on the UMS LAN Access Request form. All of the required data and signatures must be provided. The Sponsorship Form must be submitted for proposed users who are not active System Administration employees. Proposed users who are active University of Colorado employees must have an employee ID in the HR system before being given a durable account. Proposed users who are not University of Colorado employees must have a non-employee ID in the HR system before being given a durable account.

Account Termination

Temporary accounts are disabled two weeks after they are created. Durable accounts are disabled as follows:

  • Accounts for University employees who are not in System Administration are disabled as soon as it is learned that the employee no longer has an active appointment.

  • Accounts for System Administration users are disabled as soon as it is learned that the employee no longer has an active appointment.

  • Accounts for sponsored individuals are disabled as soon as it is learned that the individual is no longer actively working on behalf of the University.   Sponsored accounts are disabled after 12 months unless the sponsor requests an extension for another year.

  • A supervisor, sponsor or user may request that an account be disabled at any time.

  • Accounts not used for six months will be disabled.

Accounts that have been disabled for three months will be deleted.

UMS LAN support staff will perform comparisons of LAN accounts to HR records at least quarterly to identify employees who no longer have an active appointment. They will also perform quarterly audits of LAN use to identify unused accounts.

Account Naming Standards

The account name should be the user’s last name. If that creates duplicates, it should be the last name and first initial. If that creates duplicates, it should be last name, first initial, and a sequence number.

Email account names should be first, last name with a sequence number if necessary.

The user name associated with a LAN account for a System Administration employee should match the employee name in the Human Resources system exactly.

DISCUSSION

These changes are designed to improve the quality of data about UMS LAN accounts and their users, to improve the removal of obsolete accounts, and to improve password management.

Additional Resources

 

 
       
UIS Home  |  CU System Home  |  Privacy Policy  |  Terms of Services
University Information Systems (UIS), University of Colorado, 50SYS, 4780 Pearl East Circle, Boulder, CO 80301
© 2003 Regents of the University of Colorado
Boulder Campus Colorado Springs Campus Denver Campus Health Sciences Center Campus CU System Home Contact Us A to Z Search