Re: Termination / Retirement Policies

["Miguel A. Glez. de la Torre" <mglez () ITESM MX>]

Hello.

We use one account for every role, i mean, if a person is an employee, a
master student and also has children in the highschool or university (in our
affiliations, a Father), he has 3 accounts, one for every rol.

We´re analyzing how to improve this because there are more roles in the way,
like consultants, clients (of other services out of school things),
suppliers, etc.. so we need to redesign our Identity Management and were
asked to have one account for all the systems.

 

Anyone with this approach? 

Ing. Miguel Angel González de la Torre, MCC

Director Seguridad de la Información
Dirección de Tecnologías de Información
cid:image001.png@01CF3C8C.FA77B1B0
Tel.: 52 (81) 8158 2000, ext. 2936. Fax: 81 81582287
Enlace intercampus: 80-689-2936.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Donna Volpe Strouse
Sent: jueves, 27 de marzo de 2014 11:40 a.m.
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Termination / Retirement Policies

 

We also have one account per user.  However, we have had to make an
exception to that rule for alums who are also employees if there is a
non-amicable separation from their job. This is because all alums get to
keep their wellelsey.edu domain credentials.  So in order to let them keep
their Wellesley email, but still satisfy our requirement to terminate
accounts immediately when employees leave the college, we will create a
second account for the alum to use for personal email only. 




Kind regards,

Donna

 

Donna Volpe Strouse

Director of LTS Administration & Information Security Officer

Library & Technology Services

Wellesley College

Clapp Library 246
781-283-3425

 

*** Many people want your password so they can steal your information. If an
email asks you to send your password or directs you to a page that is NOT in
the  <http://wellesley.edu/> wellesley.edu domain, DO NOT provide your
password. LTS will never ask for your passwords -- when in doubt, contact
the LTS Computing Help Desk.

 

On Thu, Mar 27, 2014 at 12:21 PM, Jones, Mark B <Mark.B.Jones () uth tmc edu>
wrote:

Our users have one account no matter how complex their affiliation is.
Users who are both employees and students gain or lose attributes as their
affiliations change but their single account persists until they have no
lingering affiliation.  Applications and services are expected to handle
authorization appropriately.  In other words authentication should not equal
authorization.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter Lundstedt
Sent: Thursday, March 27, 2014 10:15 AM


To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Termination / Retirement Policies

 

Hi all,

 

We’re working developing some formal policy, standards, and procedures
around faculty, staff, and student account terms following status changes
and I’m curious on what others are doing.

 

The following scenarios are some that we are struggling with, but anything
around the term process would be helpful.

 

Do you allow faculty with proprietary research (Emeriti in particular) to
keep hardware following retirement?

How do you handle staff terms when that staff member is also a student?

How do you handle student terms when a student is also an adjunct
professor/similar?

 

Peter Lundstedt

SECURITY ANALYST 2, INFRASTRUCTURE & SECURITY SERVICES

 

oit