Network Account Management Procedures

Account Management Procedures & Security Compliance

SAP 29.01.03.M1.03
TAC 202.77

New Accounts

All new user account requests or changes to user accounts must be done by filling out the Division of Finance and Operations Network Access Request form.

The form must be signed by the requestor indicating that they have read and agreed to the policies and procedures, and signed by the individual's supervisor. The IT administrator will create the account and notify the individual, via email or in person, that the account has been created. The username and password will be given verbally to the new employee.

Accounts will not be created until a Network Access Request form has been completed and received by IT Services.

Accounts set up for student worker or other non-full-time employees are to have the expiration date on the account set to August 31st of that fiscal year. This ensures that if IT Services is not notified of the termination of these part-time employees, the accounts will self-expire.

The new employee is required to complete the Information Security Awareness training on TrainTraq within thirty (30) days of their employment start date. Completion of this training should be documented by the department.

Periodic Review of Accounts

At least once a year, IT Services will send a list of all active accounts to the departmental contacts. The departmental contacts will review the accounts and notify IT Services of any accounts that should be deleted. This notification should be made in writing within seven (7) days of receipt of the list. IT Services will disable any accounts as noted by the departmental contacts within seven (7) days of receiving the verified list.

Deletion of Accounts

A request must be made in writing to IT Services (typically email to our Help Desk) for any account that is to be deactivated/deleted. The deactivation request must be retained by the IT Services staff for future audit purposes. After thirty (30) days of being disabled, the user account will be deleted unless a written request has been received to retain the deactivated account. Email data specific to a deleted user account is deleted at the time the account is deleted. File data specific to a deleted user account will also be deleted after thirty (30) days unless a written request has been received for it to be retained for a longer period of time.