Educause Security Discussion mailing list archives
Re: [External] [SECURITY] Faculty / Staff Account De-provisioning
From: Ravi Kotecha <kotechar () BRANDEIS EDU>
Date: Fri, 24 Jul 2020 12:02:02 -0400
Hi All,

To comply with FERPA and other regulations, former employees whether faculty or staff lose access to their accounts on their last day of employment. Faculty-emeritus retain access. We allow former employees who are alumni to request a new account to access alumni resources. The legal compliance and financial risk of an exposure event led to policy changes that allowed for the above.

Best,
Ravi

On Fri, Jul 24, 2020 at 11:56 AM Oberlin, Craig <coberlin1 () cccd edu> wrote:

Has anyone considered FERPA implications, in that the employees still retain access to student information but are no longer legally entitled to do so?

Yes, we are struggling with this as well…..

Craig

Craig Oberlin, CISSP
Sr. Director IT, Identity and Access Mgmt & Chief Information Security Officer
Coast Community College District
P 714.438.6808
coberlin1 () cccd edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ben Marsden
Sent: Friday, July 24, 2020 8:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [External] [SECURITY] Faculty / Staff Account De-provisioning

I *wish* we deprovisioned accounts by default on the day of termination.

For planned, amicable separations, the account is not actually disabled until 30 days after their official termination date (although we no longer say this in the automated message that goes out prior to their termination date). For some unplanned, and for all "non-amicable" terminations, the account is disabled immediately upon termination.

Faculty who are retiring retain their account for life, faculty who are leaving for another job are treated as above; extension requests are usually granted.

Yeah, "cleanup needed in IAM aisle 16...."

-- Ben

On Fri, Jul 24, 2020 at 10:54 AM Gregg, Christopher S. <csgregg () stthomas edu> wrote:

We deprovision staff accounts the day of termination. Faculty accounts are terminated 30 days after the HR termination date (which gets complicated for adjunct faculty).

We don’t provide alumni accounts.

We have a separate immediate, manual process for involuntary terminations, and other similar non-“good terms” cases.

Thanks,
Chris

Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Innovation & Technology Services (ITS)
csgregg () stthomas edu
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kevin Ledbetter
Sent: Friday, July 24, 2020 9:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [External] [SECURITY] Faculty / Staff Account De-provisioning

We are currently reviewing account de-provisioning policies regarding faculty and staff that leave the university on good terms and are interested in learning more about how other institutions handle this situation.

When a faculty/staff member leaves your institution’s employment, what is the timing in which access to their email account is revoked? Is access revoked immediately or is there a grace period afforded to the former employee? If a grace period exists, how long is it? Are faculty and staff members treated the same? If the former employee is an alum, are there special considerations made?

Kevin

--
Kevin Ledbetter
Systems Security Administrator
Office of Information Technology
1700 Chapel Drive
Valparaiso, IN 46383
219.464.6191
Staff Employee Advocacy Council
Kevin.Ledbetter () valpo edu

********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community

--
[}--> BEWARE of links and attachments in email! * Stop, Think before you click *
Ben Marsden : Information Security Director, CISSP
ITS, 201 Stoddard Hall, Smith College, Northampton, MA 01063
Current thread:
- Faculty / Staff Account De-provisioning Kevin Ledbetter (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Gregg, Christopher S. (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Ben Marsden (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Oberlin, Craig (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Ravi Kotecha (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Scott Norton (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Ben Marsden (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Ben Marsden (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Gregg, Christopher S. (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Joshua Webb (Jul 24)
- Re: [External] [SECURITY] Faculty / Staff Account De-provisioning Kevin Ledbetter (Jul 27)