Authorized Access Procedure
Version 1.0
For Staff, Guests
Purpose
The purpose of this procedure is to ensure proper governance and control over privileged or heightened administrative access, particularly for "a-" and "ta-" accounts. This procedure establishes a consistent method for requesting and approving privileged access, ensuring that all such requests are processed via ServiceNow and receive final approval from the Vice President & Chief Information Officer (CIO).
Scope
This IT security procedure applies to all Information Technology employees, contractors, and affiliates (the "User(s)" or "you") who require privileged or heightened administrative access to the University's IT Resources. It includes all access requests for "a-" and "ta-" accounts.
Procedure Statement
- Request Submission
  - All individuals must request all privileged or heightened administrative access via ServiceNow.
  - Include a clear and detailed justification for the required access (to ensure accountability and for future auditing purposes).
  - Document how the requested access aligns with your job responsibilities following the principle of least privilege.
  - Include the required duration of access.
- Approval Process
  - The immediate supervisor (manager or director) receives and reviews requests if approved
  - The department’s S-Team representative receives and reviews requests if approved and forwards the request to the CISO for review and approval.
  - The VP & CIO of the Office of Information Technology completes final approval.
- Post-Approval Activities
  - Upon approval, the service request is routed to the administrator responsible for provisioning the access.
Definitions
IT Resources include computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.
Privileged Access is access to systems or applications that exceeds standard User permissions, allowing administrative or heightened control.
ServiceNow is the IT Service Management (ITSM) system for tracking access requests, approvals, and related documentation.
Related Policies and Procedures
- Account Access Change Control Policy
- Emergency Access via Privileged Access Management Policy
- Privileged Access Control Policy
Implementation Information
Review Frequency | Annual |
---|---|
Responsible Person | Senior Director of IT Security Operations and Assurance |
Approved By | VP & CIO |
Approval Date | October 16, 2024 |
Revision History
Version | Date | Description |
---|---|---|
1.0 | 10/16/2024 | Initial document |