Effective Date: February 1, 2005
This policy is intended to improve the security of data stored on the UMS LAN by providing sound account management. For an account to be established on the UMS LAN, it is now necessary to have a signed and dated request from a System Administration supervisor, providing the necessary information to assure the identity of the individual requesting account access.
Eligibility for Accounts
UMS LAN accounts may be created for individuals who are:
LAN accounts may not be created for groups of individuals except as workflow tools, nor may they be created for “positions” and passed from person to person occupying those positions.
Temporary and Durable Account Requirements
A temporary account may be set up based on a request from a known System Administration person on behalf of another person. All that is required to establish such an account is the user’s name and the department with which they are to be associated.
A durable account may be set up based on a request submitted on the UMS LAN Access Request form. All of the required data and signatures must be provided. The Sponsorship Form must be submitted for proposed users who are not active System Administration employees. Proposed users who are active University of Colorado employees must have an employee ID in the HR system before being given a durable account. Proposed users who are not University of Colorado employees must have a non-employee ID in the HR system before being given a durable account.
Temporary accounts are disabled two weeks after they are created. Durable accounts are disabled as follows:
Accounts that have been disabled for three months will be deleted.
UMS LAN support staff will perform comparisons of LAN accounts to HR records at least quarterly to identify employees who no longer have an active appointment. They will also perform quarterly audits of LAN use to identify unused accounts.
Account Naming Standards
The account name should be the user’s last name. If that creates duplicates, it should be the last name and first initial. If that creates duplicates, it should be last name, first initial, and a sequence number.
Email account names should be the user’s first and last name, with a sequence number if necessary.
The user name associated with a LAN account for a System Administration employee should match the employee name in the Human Resources system exactly.
These changes are designed to improve the quality of data about UMS LAN accounts and their users, to improve the removal of obsolete accounts, and to improve password management.