6.15 EMPLOYEE ACCESS TERMINATION AND REASSIGNMENT
Effective: August 15, 2024
Purpose: Emporia State University maintains information critical to the operations of the University. Various positions within the University require access to information.
In order to assure the University maintains the confidentiality and integrity of its information assets as well as follows all legal requirements in respect to information, this policy will cover access to those assets should an employee be terminated or reassigned.
Scope: This policy applies to all University employees, including student and temporary employees, whose position requires the granting of access to any University information asset.
Responsible Office: Information Technology
Policy Statement: The Information Security Officer (ISO) is responsible for creating procedures for granting and removing access. The ISO is responsible for monitoring and reporting compliance with this policy. The ISO is responsible for reviewing this policy, annually.
It is the responsibility of the information owner(s) to follow and maintain a system of granting and removing access to their information and ensuring that this procedure is followed.
Information Technology (IT) will be responsible for administering the access to servers it manages. Unit Support Personnel will be responsible for administering the access to servers they manage.
It is the responsibility of each administrative and academic unit to ensure that all University property assigned to a leaving employee is recovered.
The University will maintain records with respect to information accessible by position, levels of access, and current employee holding that position. Should a student or employee leave the University, all access previously granted will be revoked on their termination effective date. If an employee is reassigned, access changes will be granted based on the needs of the new, or modified, position. This may include adding or removing access to maintain “least privilege.”
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]