POLICY 08:13:02

COMPUTER ACCOUNTS

Purpose
The purpose of this policy is to define the requirements for providing and revoking accounts to users to protect the security and integrity of the College’s network, resources, data and technology.
Scope and Applicability
This policy applies to all individual user computing accounts provided by the College and used for college-related activities that support the mission, goals and purposes of the College. By logging into a College-provided account, the user of the account agrees to comply with Policy 08:13:01 Information Technology Acceptable Use, 08:04:05 Information Technology Resources and Tennessee Board of Regents (TBR) Policy 1:08:00:00 Information Technology Resources and Policy 1.08.03.00 Access Control.
Definitions
Administrator Accounts – System accounts with privileges that allow a user to perform super-user functions such as installing software, altering critical system configurations or data, and granting permissions to other accounts
Banner Account – Account for an employee or agent of the college that provides access to student, financial, or other restricted or confidential information located in the College’s student, finance, financial aid and other information systems
Courtesy Account – Account for a guest or visitor of the college which provides access to the internet and selected College resources, systems and data at the level required for a work assignment or other need
Student Accounts – Account for a student which provides access to College networks, resources, systems and data at the level required for academic work
General User Accounts – Account for a faculty or staff member which provides access to College networks, resources, systems and data at the level required for a work assignment
Policy and User Responsibilities
Pellissippi State Community College will ensure the confidentiality, integrity, and availability of technology and data through the development and implementation of compliance standards which address security requirements and expectations for acceptable access to College networks, systems, resources and data. These standards will follow industry-defined best practices in securing technology and data. Pellissippi State Community College emphasizes the integration of computer technology in academic and administrative activities, including enhanced accessibility of information through storage and retrieval, networking and communication developments, and other uses of computers and informational technologies for teaching, learning, and management. In order to gain access to this information, users need authorized accounts. All account users are responsible for adhering to campus security policies and standards. There are several types of accounts:
1. General User Account
2. Student Account
3. Banner Accounts
4. Courtesy Accounts
The general user account and the student account provide access to E-mail, Internet, local network drives, etc. All full-time and part-time employees, including adjunct faculty, are authorized to receive a general user account at the time their contract with the College is official, or as authorized by the chief academic officer. No additional paperwork is needed to authorize an account for full-time employees. All parttime employee accounts must be requested by the appropriate department head. Adjunct accounts must be requested by the department dean each semester. Department heads and deans are responsible for notifying Information Services when a part-time employee is no longer with the College. The accounts for full-time and part-time employees remain active as long as they are employed by the College. Fulltime faculty and all staff accounts are disabled on the last day of employment, unless the user is retiring and has requested a retiree email account. Adjunct faculty members shall be granted limited access before and after their course start and end dates to perform the duties necessary for their position, upon request involving reasons for the extension and specific access.
All students, full-time and part-time, are authorized to receive a student account when they are admitted to the College. The account remains active for as long as the student is enrolled. Student accounts are disabled after one semester of non-attendance. Student accounts are not disabled during summer term. Accounts are purged from Active Directory approximately twelve (12) months after being disabled.
Based on the user’s role with the College, some general user accounts may also have a corresponding Banner account to provide access to student, financial, or other restricted or confidential information. Banner faculty advisor accounts are created automatically for full-time and part-time faculty at the time their contract with the College is official or as authorized by the chief academic officer. User accounts are granted different levels of permission in accordance with their assigned roles in the College. Permission levels are requested from their assigned department directors to HelpDesk for proper change management tracking. Banner accounts require a Security Request form and appropriate approvals from the data custodian(s) as defined in Policy 08.13:12 Data Access Management. The security request form is located on the employee portal page.
People not officially associated with the College may be authorized for a courtesy account. Accounts are requested by email request to the HelpDesk. The request must indicate a date to deactivate the account and the information the courtesy user needs to access. Courtesy accounts must comply with TBR guidelines.
User accounts can be suspended at any time if requested by an appropriate representative in the respective department or College or the vice president of Information Services. Unless otherwise authorized, a user’s account must be disabled by the user’s last day of employment or other relationship with the University.
1. User Responsibilities
  Each user must protect their account and password from accidental or deliberate compromise. All accounts are required to follow existing password strength and complexity rules to help ensure their integrity.
  Users should not use their account to break into any other account, probe other systems for vulnerabilities, to interfere with other people’s use of computers or networks, to eavesdrop on network traffic, to create and disseminate malicious code that causes trouble to others, or to perform denial of service attacks.
  Users may not use a College-provided account to support any business or other commercial activity.
Enforcement
Failure to comply with this policy may result in temporary or permanent denial of access to computer or information technologies, or in some cases may result in college disciplinary action or legal action. Possible violations of this policy, other campus policies or illegal activity may have other disciplinary actions taken as listed in Pellissippi State Policy 08:13:01 Information Technology Acceptable Use. Disciplinary actions will conform with other college policies and may result in a disciplinary review conducted by the vice president of Student Affairs, or designee, in matters involving alleged violations by students, or by the director of Human Resources in matters involving employees of the College.

Reviewed/Recommended: President’s Council, April 29, 1996
Approved: President Allen G. Edwards, May 2, 1996
Approved: President Allen G. Edwards, March 17, 1997
Approved: President Allen G. Edwards, August 23, 1999
Approved: President Allen G. Edwards, August 19, 2002
Approved: President Allen G. Edwards, April 26, 2004
Reviewed/Recommended: President’s Staff, April 14, 2008
Approved: President Allen G. Edwards, April 14, 2008
Editorial Changes, April 30, 2009, July 1, 2009
Reviewed/Recommended: President’s Staff, March 22, 2010
Approved: President Allen G. Edwards, March 22, 2010
Reviewed/Recommended: President’s Council, November 24, 2014
Approved: President L. Anthony Wise, Jr., November 24, 2014
Reviewed/Recommended: President’s Council, September 9, 2019
Approved: President L. Anthony Wise, Jr., September 9, 2019