Timely Deactivation of Access Privileges

Published: October 17th, 2018

Category: Memos

Elias G. Eldayrie, Vice President and Chief Information Officer
Alan M. West, Assistant Vice President and University Controller

A recent audit finding identified the need for the University to enhance procedures to ensure that system access privileges are promptly deactivated upon separation from University employment. In response to this finding, the University is working on implementation of a long-term solution to enhance processes.

In the meantime, we would like to remind all departments of the following:

• The Department Security Administrator (DSA) must remove all IT access roles when an employee terminates or moves to another department.
• The departmental human resources processor in each department must enter terminations timely, including terminations for non-employees.
• The departmental human resources processor must notify the DSA when an employee terminates or moves to a new position or department within the University.
• Departments/Units must ensure there is a process to monitor the timely entry of terminations in the system, as well as open lines of communication between the departmental human resources processor and the DSA.

The timely deactivation of system access privileges is essential to maintain controls and safeguard the University. All supervisors and departmental leaders should review the current processes in their departments/units to ensure the above requirements are in place.

Please contact the University Controller’s Office at 392-1321 with any questions or for more information.

Comments are currently closed.