Policy Type
Administrative
Last Revised
June 2023
Review Date
June 2023
Owner
ITS
Contact Name
Blake Penn
Contact Title
Chief Information Security Officer
Contact Email
bpenn@colgate.edu
Reason for Policy
ÌÇÐÄvlog¹ÙÍø community members need to access network and other IT resources for their professional and academic functions. For security and governance reasons it is important that these accounts are managed in a proper manner including the timely provisioning and deprovisioning of access to network and IT resources.
Policy Statement
User access shall be based on the role of the user. Supervisors are required to indicate the level of access that their employees require. Students should be given the level of access required by their specific academic needs. Designated system managers are responsible for overseeing the process and for the subsequent assignment of access privileges. When an individual separates from the University, account access changes depending on the nature of the relationship. The following describe the process for decommissioning accounts and/or services upon leaving an active affiliation with ÌÇÐÄvlog¹ÙÍø:
Students (Undergraduate and Graduate)
- Alumni of ÌÇÐÄvlog¹ÙÍø may retain their email accounts, subject to the terms and conditions of the alumni email program. Following graduation former students will no longer have access to specific services. These include, but are not limited to, VPN, library resources, Google Workspace, and education software licensing. Students shall be given a reasonable amount of time to download or transfer any account data that they desire to keep before it is deleted.
- For students, upon a change of status, for any terminal status, such as Withdrawn, Inactive, Permanent Academic Dismissal, and Expulsion a student may access their accounts for 30 days unless otherwise determined by the Office of the Dean of the College (e.g. disciplinary proceedings).
- Additional time, not to exceed one year, may be granted by the Dean of the College or designee in limited cases and such requests shall be documented through a formal written request to the Office of the Dean of the College.
Staff
- Staff accounts shall be disabled on the last day of employment at close of business unless other arrangements have been requested by the supervisor and/or approved by the ÌÇÐÄvlog¹ÙÍø Human Resources Department (HR). These accounts and all associated data shall be archived 30 days after the termination date.
- If access to a departed employee’s email is needed for business continuity reasons, such requests must follow the Stewardship and Custodianship of Email Policy. All exceptions to this shall be handled through a written request to the Office of Human Resources.
Faculty
- Faculty who retire from ÌÇÐÄvlog¹ÙÍø as emeritus shall retain their account access for life. This includes email and network resource access.
- Visitors and faculty leaving the University will not retain their accounts. Because the process of hiring and rehiring visitors is dynamic, these faculty shall retain their accounts while they have an active affiliation with the University as determined by the Office of the PDOF.
- All exceptions to this shall be handled through a written request to the Office of the PDOF.
Change in University Affiliation or Status
- Graduates of ÌÇÐÄvlog¹ÙÍø who become employees of ÌÇÐÄvlog¹ÙÍø shall receive an account with the permissions and access required for their employment functions. This affiliation supersedes other policies that may affect account status upon leaving (except in cases where loss of privileges is deemed appropriate by HR, a cabinet member, or the Office of PDOF.)
Temporary Employees and Sponsored Accounts
- Temporary employees shall be granted accounts based on the job being performed for the University. For temporary employees, accounts shall be scheduled to be disabled based on the anticipated end date provided by their supervisor. If this needs to be extended, the supervisor must update this information with HR in a timely manner. A temporary account shall be permanently removed after being inactive for 180 days.
- User accounts may be granted to individuals seeking access to ÌÇÐÄvlog¹ÙÍø resources who are not currently students, staff, or faculty. These sponsored accounts may be provisioned for a variety of reasons, including contractors and vendors who assist in managing University resources, volunteers, visiting faculty or students, and external research affiliates.
Scope
This policy applies to all ÌÇÐÄvlog¹ÙÍø accounts.
Related Documents
Stewardship and Custodianship of Email Policy