Identity and Access Management Policy

From Appalachian State University Policy Manual
Revision as of 12:26, 14 December 2020 by Mcnaneym (talk | contribs) (Sorted references)

Policy 905

Introduction

The security, privacy, and integrity of Institutional Data is an operational priority for Appalachian State University (“Appalachian”). The purpose of this policy is to outline responsibilities and authorities for the effective management of Appalachian’s User Identity and Access Control Program.

Scope

This policy applies to all Appalachian State University employees, students, visitors and vendors.

Definitions

User Identity

An electronic identity Data Element that represents a known individual or group affiliated with the University.

Access

The ability and means to: (a) communicate with or otherwise interact with Institutional Resources; (b) use Information Technology to Access Institutional Data; (c) gain knowledge of Institutional Data contained in Information Technology; or (d) control Information Technology components and functions.

[Other Terms]

Other capitalized terms have the same meaning as defined in Appalachian Policy 901 – IT Governance Policy and Appalachian :Appalachian Policy 902 - Data Governance Policy

Policy and Procedure Statements

Roles and Responsibilities

The Chancellor has delegated authority and oversight for the administration and implementation of Appalachian's User Identity and Access control functions to the Chief Information Officer. The Chief Information Officer is responsible for developing and overseeing a User Identity and Access Control Program (the “Program”) that includes:

  1. the implementation and maintenance of User Identity confirmation and Access control techniques, including the User Identity and Access of students, faculty, and staff, and other individuals with Access to the University’s Information Resources and Institutional Data;
  2. the development and implementation of IT Standards to establish the University’s Identity and Access Management practices in accordance with UNC System policies and standards;
  3. ensuring that Appalachian’s User Identity and Access Control Program incorporates measures to sufficiently control Access to Institutional Data consistent with federal and state laws, and UNC System policies; and
  4. seeking and receiving recommendations from the IT Governance Groups and Data Governance Groups on risk-informed techniques to confirm User Identity and Access control to University Information Resources and Institutional Data.

Confidentiality of Institutional Data

The standards and practices developed and maintained in accordance with this policy shall be confidential and not considered a public record to the extent permitted by North Carolina law.

Additional References

Appalachian Policy 901 - Information Technology Governance Policy
Appalachian Policy 902 - Data Governance Policy
Appalachian Policy 903 - Information Security Policy
Appalachian Policy 906 - Acceptable Use of Computing and Electronic Resources Policy

Authority

UNC Policy 1400.3 User Identity and Access Control
IT Policy, Standards and Guidelines Website
Identity and Access Management Standard
Data Management Standard

Contact Information

Office of the Chief Information Officer (828-262-6278)

Original Effective Date

December 7, 2020

Revision Dates