Identity and Access Management Policy
Policy 905
Introduction
The security, privacy, and integrity of Institutional Data is an operational priority for Appalachian State University (“Appalachian”). The purpose of this policy is to outline responsibilities and authorities for the effective management of Appalachian’s User Identity and Access Control Program.
Scope
This policy applies to all Appalachian State University employees, students, visitors and vendors.
Definitions
User Identity
An electronic identity Data Element that represents a known individual or group affiliated with the University.
Access
The ability and means to: (a) communicate with or otherwise interact with Institutional Resources; (b) use Information Technology to Access Institutional Data; (c) gain knowledge of Institutional Data contained in Information Technology; or (d) control Information Technology components and functions.
[Other Terms]
Other capitalized terms have the same meaning as defined in Appalachian Policy 901 – IT Governance Policy and Appalachian Policy 902 - Data Governance Policy
Policy and Procedure Statements
Roles and Responsibilities
The Chancellor has delegated authority and oversight for the administration and implementation of Appalachian's User Identity and Access control functions to the Chief Information Officer. The Chief Information Officer is responsible for developing and overseeing a User Identity and Access Control Program (the “Program”) that includes:
- the implementation and maintenance of User Identity confirmation and Access control techniques, including the User Identity and Access of students, faculty, and staff, and other individuals with Access to the University’s Information Resources and Institutional Data;
- the development and implementation of IT Standards to establish the University’s Identity and Access Management practices in accordance with UNC System policies and standards;
- ensuring that Appalachian’s User Identity and Access Control Program incorporates measures to sufficiently control Access to Institutional Data consistent with federal and state laws, and UNC System policies; and
- seeking and receiving recommendations from the IT Governance Groups and Data Governance Groups on risk-informed techniques to confirm User Identity and Access control to University Information Resources and Institutional Data.
Confidentiality of Institutional Data
The standards and practices developed and maintained in accordance with this policy shall be confidential and not considered a public record to the extent permitted by North Carolina law.
Additional References
- Appalachian Policy 901 - Information Technology Governance Policy
- Appalachian Policy 902 - Data Governance Policy
- Appalachian Policy 903 - Information Security Policy
- Appalachian Policy 906 - Acceptable Use of Computing and Electronic Resources Policy
Authority
- UNC Policy 1400.3 User Identity and Access Control
- IT Policy, Standards and Guidelines Website
- Identity and Access Management Standard
- Data Management Standard
Contact Information
Office of the Chief Information Officer (828-262-6278)
Original Effective Date
December 7, 2020