System Account Policies

Computer and Network System Account Policies and Procedures

Contents:

1.0 Purpose

2.0 Definitions of Accounts

2.1 Conditions of Use

2.2 General Computer/Network User Accounts

3.0 Kettering University Account Eligibility

3.1 Account Creation and Removal, Deletion or Deactivation

3.2 Account Exception Process

3.3 Account Eligibility Table

4.0 Password Policies and Account Security

5.0 Employee Termination Policy (Accounts and Resources)

6.0 Account Termination and Resource Purge Policies

7.0 Policy Exceptions and Exclusions

1.0 Purpose

Kettering University is an independent, accredited university offering strong Bachelor and Master of Science programs in engineering, science, mathematics, and management in conjunction with a unique system of cooperative education. The user account and resource policies outlined in this section are designed to promote clear expectations about how accounts and resources are created, about who is eligible for what, about issues of security and confidentially, and about how accounts and resources are affected following changes in academic or employment status.

2.0 Definition of Accounts

Each of Kettering University's information resources and systems has unique and fundamental differences in eligibility, account duration and provisions for security.

2.1 Conditions of Use

Requirements and conditions concerning individual responsibilities in the use of Kettering University computer accounts are described in the University's "Acceptable Use Policy" located in the Information Technology Web site under "Policies and Standards." All persons are expected to understand and abide by the conditions stated in the policy.

2.2 General Computer/Network User Accounts

Banner Self Service
Banner is Kettering University's main resource for academic, personal and employment information. Self Service (Banner Web) is the primary, Web-based, general user interface for personal student information, for academic information (both students and faculty), for employee/personal information, and for departmental financial data.

Banner INB (Internet Native Banner)
In addition to Banner Self Service, a highly restricted interface is provided to the Business and Accounting departments through INB. These accounts are privileged and available only to Kettering University employees responsible for maintaining academic, administrative, personnel and employment records.

Blackboard
Blackboard is Kettering University's on-line learning, content and community system used to provide Web-based courses and virtual learning environments to Kettering University students, faculty and staff.

Windows Network
The Windows Network account provides log-in identification for university owned computer systems, as well as access to Windows Network resources such as: applications, public and department shared folders, all academic Windows labs and shared printers.

UNIX/Linux Servers
Kettering University maintains a number of UNIX/Linux servers for academic and administrative purposes. Each server has its own account configuration that is managed individually but users are authenticated through a LDAP server allowing the same password and ID to be used to access these systems.

Email Servers
The Email Servers are high-performance email and calendar servers that provides Web based email and calendar service as well as desktop email. Support for POP, IMAP, and Outlook synchronization allows access from any common desktop PC client. It also features a portfolio of collaborative services such as group calendaring.

3.0 Kettering University Account Eligibility

Kettering University computer accounts and network resources are intended for use by Kettering University faculty, staff and students for academic development or University business. There may also be times when access to University resources (generally by on-campus, third party service providers) is deemed to be in the best interests of Kettering University. This section defines specific resources and aspects of account eligibility as determined by an individuals "status."

3.1 Account Creation and Removal Deletion - Deactivation

User account and resource creation regardless of the specific account or resource is governed by an individual's "status" as recorded within the Banner Information System. ("Status" includes such categories as active student, alumnus, active employee, inactive student, former employee, etc.)

The first step in the account creation process is that the individual needs to have a record in Banner. For faculty, staff and "exceptions", (such as contract employees), this occurs at the onset of employment and is managed by the Human Resources department. Kettering applicant student records are created by admissions. Active student records are maintained by the Registrar's Office. Alumni records are managed by the University Advancement office.

The first step in account and resource privilege removal is taken by Human Resources for employees and the Registrar for active students. The removal/deactivation process follows the steps outlined below.

Account creation process that determines a person's "status" in Banner:

HR enters new employee information into Banner creating an active employee status.

Admissions move the new student information from the Admissions database to the general student records table in Banner creating an active student.

An automated process within Banner creates an email username address that is sent to Information Technology system administrators for LDAP, Blackboard, Email, UNIX, and Active Directory user account creation.

The account management process is dependant on the official "status" indicator in Banner for both employees and students.

3.2 Account Exception Process

As noted above, the "status" indicator determines a person's account/resource eligibility and default privileges. An exception to the normal process is warranted if a person does not have a "status" as defined on the basis of student status or University employment. Generally, these exceptions are provided for on-campus third party service providers, part time employees or contractors. Initial approval for exception status is made within the student's or employee's department followed by a formal request to the appropriate University designee (Human Resources or Registrar). Once approved, a record for the individual is entered into Banner and the account creation process is initiated.

3.3 Account Eligibility

The following describes eligibility rules as they apply to all Kettering University faculty, staff and students and may be extended to those with "exception" status on a case by case basis. A Banner Information Systems account is required to obtain any Kettering University computer system/resource account.

Banner Information System - Self Service

All Kettering University students, faculty and staff are assigned a general Banner account record. These accounts' records are accessible through the Banner Self Service (Banner Web) system. Faculty and staff accounts are created upon employment. Once an individual's personal information is entered into Banner, it remains in the system indefinitely. Kettering University reserves the right to modify this provision on a case-by-case basis determined to be in the "best interests" on the university

INB - Internet Native Banner

Persons needing INB accounts may need to complete training in the Federal Educational Right to Privacy Act (FERPA) which governs how the university handles personal information. Employees that conduct business operations concerning Kettering University students and employees may be granted an INB account.

Blackboard

Eligibility for a Blackboard account is automatically granted to all faculty, staff and students as determined by their Banner "status."

Windows Network

Windows Network accounts are provided to all faculty, students and staff according to their Banner "status."

UNIX/Linux Systems

UNIX/Linux accounts are available for university students, faculty and staff. Only system administrators have shell accounts on the Unix/Linux servers unless otherwise approved by Kettering managed responsible for the UNIX/Linux system or server. Faculty and students have accounts on the Unix/Linux servers that support the engineering and computer science courses.

Email

Eligibility for an Email account is automatically granted to all faculty, staff and students as determined by their Banner "status" and is authenticated by a central LDAP server.

4.0 Password Policies and Account Security

There are a number of policies that pertain to passwords and security involved with the privilege of utilizing computer and network resources at Kettering University. Faculty, staff and students at Kettering University may have a variety of computer accounts and passwords, many of which access important and sometimes confidential University information. It is imperative that these resources be managed with security and confidentiality in mind. Below are some general account password policies, followed by a table presenting additional rules and guidelines unique to each resource:

  1. It is incumbent upon each Kettering University faculty, staff and student to be mindful of potential information security risks and take appropriate steps to protect University resources entrusted to them. Confirmed or suspected compromises in informational security should be immediately reported to the Information Technology Help Desk.
  2. Under no circumstances should account passwords ever be disclosed or shared with anyone. If you have resources that others need to access, Information Technology can offer a variety of technical solutions that will afford such access without compromising system integrity. Information Technology staff will never need to know the specifics of your passwords. Do not offer such information under any circumstances.
  3. Passwords should never be written down or otherwise recorded in ways that they may be easily found by an unauthorized person.
  4. Strong password techniques should be used. These include: not using obvious names, identities, hobbies, etc; not using words that can be found in the dictionary; incorporating mixed-cases, numbers, letters and special characters whenever possible; and periodically changing passwords.

The following resource-specific password policies are also pertinent:

Banner Information System - Self Service

Self Service (Banner Web) uses your Kettering University email password stored in LDAP. Passwords must be a minimum of six (6) characters and a maximum of eight  and must be made up of one number and special character following the strong password guideline noted above.

INB Internet Native Banner

Passwords must be at least 8 letters long, start with a letter and must contain at least one number (0..9) and at least 1 of the following punctuation marks

~ ! # % ^ * ( ). Passwords expire every 180 days. If you attempt to log in with an incorrect password 5 consecutive times your account will be locked for one hour. To have your account unlocked or to reset your password, please call the Help Desk.

Blackboard

Passwords must be a minimum of six characters and a maximum of eight and must be made up of one number and special character following the strong password guideline noted above.

Windows Network

Passwords must be a minimum length of eight characters and you may not reuse the previous six passwords when you reset your password. The maximum password age is ninety-two days. You will get advanced notice five days before you need to change your password. It is advised that you use the strong password guideline noted above when setting your password.

Unix/Linux Systems

Passwords must be a minimum of six characters and a maximum of eight and must be made up of one number and special character following the strong password guideline noted above.

Email

Passwords must be a minimum of six characters and a maximum of eight and must be made up of one number and special character following the strong password guideline noted above.

5.0 Employee Termination Policy (Accounts and Resources)

The following section provides detailed information regarding the processes and responsibilities of Human Resources, faculty, staff and their supervisors at the time of employee separation. These procedures specify the steps that will take place in the account/resource termination process, as well as detail when these activities will take place, what the former employee is obligated to do, and where University over-site is needed.

  1. Employee and Supervisor Obligations
    1. Employee Notification: Approximately one week prior to the employee's scheduled termination date, the employee will receive email notification from HR of the requirements set forth in this policy.
    2. Supervisor Notification: Approximately one week prior the employee's scheduled termination date, the direct supervisor will receive email notification from HR of the requirements set forth in this policy.
    3. Employee Obligation of Disclosure: The employee is obligated to disclose to the supervisor all privileged information such as key contacts, email addresses, and phone numbers, files and archives etc. relevant to the functions/business responsibilities held on behalf of the University.
    4. The employee and supervisor shall review information stored on the desktop, or laptop, computer and either copy filed to the appropriate backup, or make sure critical Kettering University data is maintained. All "personal" information needs to be removed from the desktop, or laptop, computer.
    5. The departing employee's access to the desktop computer and network systems will be removed in accordance with the timelines for disablement of the employee's accounts as described below.
  2. Banner Information System Account Termination

Banner Information System accounts and employee related access will be disabled immediately following the employee's last day of work. (For details, please see Policy 6.A.3 below.)

  1. Windows Network Account Termination

Windows network and system accounts will be disabled immediately following the employee's last day of work and stored information will be moved to their supervisor's home directory for final disposition of department and personal files. This process may be overridden due to extenuating circumstances approved by former employee's Vice President or Human Resources.

  1. Employee Termination for Cause

Kettering University reserves the right to revoke or modify any and all aspects of account eligibility, access, or notification in the event that employment of an individual is terminated for cause.

6.0 Account Termination and Resource Purge Policies

The following describes account and resource policies for former students and employees of Kettering University. Unless special circumstances or unusual conditions apply, all former students and employees' accounts will be disabled at the time of their status change in Banner and managed as described below.

Kettering University Information Technology reserves the right to modify these provisions on a case-by-case basis determined by what is deemed to be in the "best interest" of the University

 Former StudentFormer Employee

Banner Self Service

  1. Access to the Banner Self Service System student records continues indefinitely and student data is not purged.
  2. Kettering University reserves the right to restrict former student access if just cause is determined.
  3. Former student standing: access continues for former students employed by the University provided that employment termination was not for cause.
  1. Employee data is not purged. However, employee access to Banner is disabled at the end of employment.
Internet Native Banner
  1. Resource not available to students. No termination polices apply.
  1. INB access is disabled upon employee separation.
Blackboard
  1. Blackboard access is terminated 30 days after the student has no current or pending enrollment in courses that utilize the Blackboard system.
  1. Blackboard access is disabled after the employee is separated from the University.
Windows Network
  1. Student Windows Network accounts are disabled after the student has no current or pending enrollment in courses that utilize student computer labs. Accounts are removed five weeks after graduation or not active in Banner over 6 months. An active status in Banner overrides the graduation removal.
  1. Windows Network accounts are disabled upon employee separation.
Unix/Linux Systems
  1. Unix/Linux access is terminated after the student has no current or pending enrollment in courses that utilize the Unix/Linux labs.
  1. Unix/Linux access is terminated after the employee is separated from the University.
E-mail
  1. Email accounts are disabled after the student has no current or pending enrollment in courses and is separated from the University.
  2. Email accounts are held open and active for 90 days after a student graduates from the University
  1. Email access is disabled after the employee is separated from the University.

7.0 Policy Exceptions and Exclusions

Kettering University computer accounts and network resources are intended for use by Kettering University faculty, staff and students. All users are expected to understand and abide by the provisions set forth in the Kettering University Acceptable Use Policy.

Outside parties will not have access to campus computer resources unless they are granted "exception" status by the appropriate university authority.

Exceptions and exclusions to the policies and procedures outlined in this policy document must be formally approved by the CIO, Vice President of Information Technology in concurrence with the Human Resources department for former employees along with the Associate Provost for Academic Services and the Associate Provost for Student Affairs for former students.