Generic Accounts Policy

Version 1.1

For Students, Faculty, Staff, Guests, Alumni

Purpose

This policy establishes the acceptable use of Generic Accounts.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community, including faculty, students, administrators, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Policy Statement

  • Generic Account use is prohibited on all non-Public Computers and wherever Information Security and Assurance compensating controls cannot be implemented.
  • Generic Account requests may be granted based on justification and appropriate need. Information Security and Assurance must approve exceptions to this policy in advance through the IT Service Desk ticketing system.
  • Generic Accounts need to ensure compliance with University policies (i.e., auditing of rights/permissions to appropriate users).
  • Information Security and Assurance will audit the usage of Generic Accounts on an annual basis and will work with the owners of found Generic Accounts to limit their use with minimal impact on the business of that department.

Definitions

Generic Accounts are considered accounts not derived using the faculty, staff, or student naming convention. There is no corresponding ID associated with a Generic Account. These accounts do not identify the person or entity using the account.

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Public Computers are IT Resources used in communal locations such as labs, classrooms, and kiosks.

Related Policies and Procedures

Provisioning and Deprovisioning Policy

Implementation Information

Review Frequency Triennial
Responsible Person Senior Director of IT Security and Assurance 
Approved By CISO
Approval Date March 6, 2017

Revision History

Version Date Description
1.0 07/28/2016 Initial document
1.0.1 03/06/2017 Definitions edit; no change to policy.
1.0.2 05/23/2018 Updated disclaimer, scope, and definitions
1.1 07/15/2020 Updated policy and purpose statements

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized University representatives where necessary. Failure to adhere to ISA written policies may be met with University sanctions up to and including dismissal.

Need Help?


Walk-In Centers

McShane Center 266 | RH
Leon Lowenstein SL18 | LC

View Our Walk-In Hours