Policy Statement

To provide a comprehensive account management process that allows only authorized individuals access to University Data and Information Systems.

Applicability

This policy applies to all Information Systems, University Data, identities and accounts used to access them and University Data.

Definitions

Information System: An individual or collection of computing and networking equipment and software used to perform a discrete business function. Examples include the eLearning System, ISIS, the EPIC electronic medical records system, a lab system and associated PC or the set of desktop computers used to perform general duties in a department.

University of Florida Data: Data in any format collected, developed, maintained or managed by or on behalf of the University, or within the scope of University activities. The terms ‘data’ and ‘information’ are used interchangeably in the context of the information security program.

Policy Specifics

  1. All persons and processes granted access to an information system, beyond that explicitly intended for unauthenticated public access must be uniquely and individually identified and authenticated.
  2. All university managed or contracted services must accept Gatorlink credentials, unless the primary user base includes those not eligible to obtain Gatorlink accounts.
  3. All persons and processes that have been granted access to an information system must have an approved and documented level and scope of access.
  4. Access to University Data and Information Systems is to be promptly modified upon changes in university affiliation, position, or responsibilities.

Review and Adjudication

  1. All members of the University Constituency are responsible for all actions initiated from accounts issued to them.
  2. Managers of university employees are responsible for promptly coordinating suspension of accounts for terminated employees.
  3. Information Security Administrators (ISAs) are responsible for developing and implementing procedures to properly authorize, modify or terminate accounts and permissions.
  4. Information Security Managers (ISMs) are responsible for implementing Information Systems such that account authorizations are promptly enforced.

Policy Violations

Users who violate this policy may be denied access to university IT resources. Failure to comply with this policy could result in disciplinary action for employees, up to and including termination. Volunteers may have their volunteer status terminated.

History

Revision DateDescription
January 20, 2016 Policy originally adopted
August 1, 2022  Policy updated

Questions

Please direct any questions concerning this template to policy.ufl.edu.