Educause Security Discussion mailing list archives

Re: Data Access Approval Letter


From: Tim Doty <tdoty () MST EDU>
Date: Mon, 17 Jun 2013 08:00:33 -0500

We don't really have that. What we do have is domain admin privileges, which provide technical access to managed systems and our network file shares. We also have technical access to email. In addition to that we have a variety of logs, such as server and network. But IT security does not have carte blanche to university data -- for example, the majority of academic records are not directly accessible.

There are a variety of policies (http://it.mst.edu/policies/) though it doesn't look like any of those explicitly treat with access to University data. The closest is probably the AUP's provision for inspection of personal electronic information (http://www.umsystem.edu/ums/rules/collected_rules/facilities/ch110/110.005_acceptable_use_policy/)

There is a policy (that I can't find, not sure where it is published) pertaining to access to electronic records -- but that is used primarily to govern other university entity access. To the extent that IT security would need to use it (the only case I can think of where it would've applied predates the policy) the process is tracked electronically and goes quite quickly. The main benefit of the policy has in fact been moving the burden of granting access from IT to administration who, in practice, have a greater ability to "say no".

Tim Doty

On 06/16/2013 01:49 AM, Will Froning wrote:
Hello All,

I'm trying to find this online, but I am failing completely. When running
an investigation I often run into roadblocks on data access and it can
significantly delay my progress.

Do you all have a letter signed by your Chancellor/President that gives you
carte blanche access to University data when running an investigation?

If so, can you point me to an online copy so I can shamelessly copy it? ;)

Thanks,
Will


