Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Systems Access Policy

From: Frank Barton <bartonf () HUSSON EDU>
Date: Tue, 27 Mar 2018 09:56:00 -0400
Michael, I think I may be reading too much between the lines here, so feel
free to correct me.

The first thing I am noticing is a disconnect between "Hire Date", "Start
Date", and "First Day of Classes", and that would be a conversation to have
with your HR department. long-story short, if their start-date is the first
day of classes, that gives them NO time to set up classes, and to get
started, and I don't think it serves your students well.

The second thing is that, yes, we set up faculty (and staff) accounts as
soon as we are notified by HR that there is a new hire, and that they have
passed all of the necessary hurdles (background checks, etc.) This also
then creates email, LMS accounts, etc. I would make the argument that this
is a net benefit as it then also allows any discussions to move into the
institutional email system. This also gives us time to make sure that all
of the needed permissions are in place so that they have access to
everything that they need when the land. (account provisioning is not
instantaneous after all)

I guess, I would ask you what risks you do see, and what problems have you
seen? obviously, I am not a lawyer, and at the end of the day your general
counsel may have the final say as to when accounts get created and
activated.

Frank

On Tue, Mar 27, 2018 at 9:30 AM, Madl, Michael <michael.madl () indwes edu>
wrote:


Good morning,



Do your respective universities allow faculty new hires access to systems
prior to their hire date for the purposes of building LMS course shells in
preparation for their classes?



I understand why some institutions may do this ‘but’ I do see inherit
risks with setting up accounts prior to official start dates.  Accounts can
be set up with limited access to start then further loosened after the
start date but that creates double work and more of an administrative
nightmare.



If you could elaborate on any experiences, polices or thoughts around this
I would greatly appreciate it.



Thanks in advance!





-- 
Frank Barton
Security+, ACMT, MCP
IT Systems Administrator
Husson University
Previous By Date Next
Previous By Thread Next

Current thread: