Educause Security Discussion mailing list archives
Re: Exceptions to not keeping accounts for ex-employees
From: Theresa M Rowe <rowe () OAKLAND EDU>
Date: Fri, 20 Jul 2007 12:11:36 -0400
We tell departments that they can sponsor the account for 1 year for $100. As soon as we put a price on it, most of the requests disappear. Those that do sponsor seem to really need it. For the record: * Administrative accounts are removed 24-48 hours after a termination date is entered into our Banner system. * Student and alumni accounts are removed after 1 year of not registering. * Faculty accounts are removed 1 year after termination date is entered into our Banner system, UNLESS the faculty member retired and a special flag is entered in our Banner system (meaning that they requested to keep the account). Retired faculty with the flag keep the account until they request it dropped or a deceased date is entered in our Banner system. Anyone needing an account after those posted end dates have to have a department sponsor them, and the sponsoring department must pay the $100 fee (one time, renewed annually at no charge). Theresa ---- Original message ----
Date: Fri, 20 Jul 2007 11:54:10 -0400 From: Michael Fox <Mfox () GEORGIASOUTHERN EDU> Subject: [SECURITY] Exceptions to not keeping accounts for ex-employees To: SECURITY () LISTSERV EDUCAUSE EDU We have a policy for what to do with accounts of employees that are no longer employed at our university. What we are dealing with (seemingly on a more frequent basis) is the request for keeping the account active or available for longer. We have had requests for up to 9 months. The reasons vary, some are just nonsense and some have what seem to be legitimate reasons. Most of these are for e-mail accounts, but we have had a few for other accounts. Right now our e-mail accounts are separate from all other accounts so the account team has the ability to disable and remove other accounts more sensitive (Banner, PeopleSoft, etc). What I would like to ask is what criteria do other schools use for the exceptions (if you do allow exceptions)? Also if you do allow exceptions what are some of the limits you put on the exceptions. To be honest 99% of the requests for exceptions can be handled by advanced preparation of the employee and the department but I haven't gotten others to agree to this (yet). Any input would be helpful and appreciated. Thanks, Mike Mike Fox Georgia Southern University Information Technology Services Office of Information Security mfox () georgiasouthern edu (912)871-1592 Jeremiah 29:11-16 NOTE: This email message is intended only for the named recipient(s) above and may contain information that is privileged, confidential, and or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately contact the sender and delete this email message.
Theresa Rowe Assistant Vice President University Technology Services www.oakland.edu/uts - the latest news from University Technology Services
Current thread:
- Exceptions to not keeping accounts for ex-employees Michael Fox (Jul 20)
- <Possible follow-ups>
- Re: Exceptions to not keeping accounts for ex-employees Theresa M Rowe (Jul 20)
- Re: Exceptions to not keeping accounts for ex-employees Cheek, Leigh (Jul 20)