Identity and Access Management Policy: Difference between revisions

From Appalachian State University Policy Manual
 
(One intermediate revision by the same user not shown)
Line 17: Line 17:


=== [Other Terms] ===
=== [Other Terms] ===
Other capitalized terms have the same meaning as defined in Appalachian [[Information Technology Governance Policy|Policy  
Other capitalized terms have the same meaning as defined in [[Information Technology Governance Policy|Appalachian Policy  
  901 – IT Governance Policy]] and Appalachian :[[Data_Governance|Appalachian Policy 902 - Data Governance Policy]]
  901 – IT Governance Policy]] and [[Data_Governance|Appalachian Policy 902 - Data Governance Policy]]


== Policy and Procedure Statements  ==
== Policy and Procedure Statements  ==
Line 36: Line 36:


== Additional References ==
== Additional References ==
:[[Acceptable Use of Computing and Electronic Resources Policy|Appalachian Policy 906 - Acceptable Use of Computing and Electronic Resources Policy]]
:[[Information Security Policy|Appalachian Policy 903 - Information Security Policy]]
:[[Information Technology Governance Policy|Appalachian Policy 901 - Information Technology Governance Policy]]
:[[Information Technology Governance Policy|Appalachian Policy 901 - Information Technology Governance Policy]]
:[[Data_Governance|Appalachian Policy 902 - Data Governance Policy]]
:[[Data_Governance|Appalachian Policy 902 - Data Governance Policy]]
:[[Information Security Policy|Appalachian Policy 903 - Information Security Policy]]
:[[Acceptable Use of Computing and Electronic Resources Policy|Appalachian Policy 906 - Acceptable Use of Computing and Electronic Resources Policy]]


== Authority ==
== Authority ==

Latest revision as of 12:26, 14 December 2020

Policy 905

Introduction

The security, privacy, and integrity of Institutional Data is an operational priority for Appalachian State University (“Appalachian”). The purpose of this policy is to outline responsibilities and authorities for the effective management of Appalachian’s User Identity and Access Control Program.

Scope

This policy applies to all Appalachian State University employees, students, visitors and vendors.

Definitions

User Identity

An electronic identity Data Element that represents a known individual or group affiliated with the University.

Access

The ability and means to: (a) communicate with or otherwise interact with Institutional Resources; (b) use Information Technology to Access Institutional Data; (c) gain knowledge of Institutional Data contained in Information Technology; or (d) control Information Technology components and functions.

[Other Terms]

Other capitalized terms have the same meaning as defined in Appalachian Policy 901 – IT Governance Policy and Appalachian Policy 902 - Data Governance Policy

Policy and Procedure Statements

Roles and Responsibilities

The Chancellor has delegated authority and oversight for the administration and implementation of Appalachian's User Identity and Access control functions to the Chief Information Officer. The Chief Information Officer is responsible for developing and overseeing a User Identity and Access Control Program (the “Program”) that includes:

  1. the implementation and maintenance of User Identity confirmation and Access control techniques, including the User Identity and Access of students, faculty, and staff, and other individuals with Access to the University’s Information Resources and Institutional Data;
  2. the development and implementation of IT Standards to establish the University’s Identity and Access Management practices in accordance with UNC System policies and standards;
  3. ensuring that Appalachian’s User Identity and Access Control Program incorporates measures to sufficiently control Access to Institutional Data consistent with federal and state laws, and UNC System policies; and
  4. seeking and receiving recommendations from the IT Governance Groups and Data Governance Groups on risk-informed techniques to confirm User Identity and Access control to University Information Resources and Institutional Data.

Confidentiality of Institutional Data

The standards and practices developed and maintained in accordance with this policy shall be confidential and not considered a public record to the extent permitted by North Carolina law.

Additional References

Appalachian Policy 901 - Information Technology Governance Policy
Appalachian Policy 902 - Data Governance Policy
Appalachian Policy 903 - Information Security Policy
Appalachian Policy 906 - Acceptable Use of Computing and Electronic Resources Policy

Authority

UNC Policy 1400.3 User Identity and Access Control
IT Policy, Standards and Guidelines Website
Identity and Access Management Standard
Data Management Standard

Contact Information

Office of the Chief Information Officer (828-262-6278)

Original Effective Date

December 7, 2020

Revision Dates