Standard for Granting Access Rights to Administrative Systems
All of the data maintained in the primary administrative systems is considered to be an institutional resource. University senior management has encouraged increased access to this information by institutional personnel where its use will promote better service to our customers — that is, the students, outside agencies, other University departments, or anyone we serve. Whereas some of this data is specific to a particular student or employee, he/she will have certain rights to access such data as prescribed by law (i.e. the Family Educational Rights and Privacy Act of 1974, et al) and/or addressed by University policy. Access to personally identifiable information by University personnel and/or its distribution will also conform to applicable law and institutional policies.
The administrative systems are used to capture or maintain data, or as an information resource, by several separate and organizationally unrelated departments, all of which have a custodial interest in how access to this data is managed. Since it is an institutional resource, decisions regarding access to data will be based upon the best interests of the University.
Security administration will be managed by the Information Technology Division, which will solicit input for making access decisions from departments with a custodial interest in each class of data. Access will be granted based upon "need to know" and in conformance with applicable law and institutional policies.
Any employee with management approval may request access to administrative system information. A signed Confidentiality/Security Agreement must be on file for anyone assigned a Network ID, signifying that the individual accepts personal responsibility for all access granted to him/her.
Department managers are responsible for ensuring that appropriate initial and ongoing training is provided to any employee granted access to an administrative system. Information Technology may periodically prescribe additional training be required for continued system access.