Skip to content. | Skip to navigation

Personal tools
You are here: Home Policies and Standards InfoSec Policies & Standards ISO PS020 Sponsored Accounts

ISO PS020 Sponsored Accounts

 

 

Policies and Standards

ISO PS020 Sponsored Accounts

[Previous]  [Next]  [Policy Home]

Encryption FAQs

Policy Name: Sponsored Account Policies
Policy Number: ISO PS020
Effective Date: February 14, 2011
Review Date: January 29, 2013
Last Revision Date: January 29, 2013
Last Revision By: Kim Adams
Contact Name: Brenda B. Gombosky
Contact Email: ISOPol@louisville.edu
Approved By: Matt Witten
Version: 1.1


POLICY:

The purpose of the sponsored account policy is to ensure that Sponsored accounts are only available to individuals that are not employed by the University of Louisville but have a valid business or academic relationship that requires the account(s) and/or access.

 The Acceptable Use Policy at:  http://security.louisville.edu/PolStds/ISO/PS007.htm serves as the foundation for this policy and addresses issues related to confidentiality, intellectual property, privacy, and disclosure.


STANDARDS:

 

Sponsored accounts are available for individuals that are not employed by the University of Louisville but have a valid business or academic relationship that requires the account(s) and/or access.  Some valid reasons for sponsoring an account would be:

o   Visiting academic groups

o   Temporary or visiting instructors if no other process for provisioning is currently in place

o   Third party doing administrative or academic  business for or with a university entity needing technical access

·         Accounts can only be requested by a Unit Business Manager / or the designated Tier I for the unit and approved by a VP or Dean, Dept. Chair (academic), supervisor (administrative) or designee.  The account request must include the specific purpose (business or academic) of the sponsorship and the access restricted to only information and resources required for the specified purpose. 

·         The use of the University's computing facilities in connection with University activities and limited personal use is a privilege extended to various members of the University community; it is not a right.

·         Users of the University's computing facilities are required to comply with, and by using such facilities agree that they are on notice of and agree to comply with, be subject to, and grant the University the right to implement, Information Security policies, including but not limited to the Acceptable Use Policy.  https://security.louisville.edu/PolStdsISO/ISO/PS007.

·         Users also agree to comply with applicable federal, state and local laws and to refrain from engaging in any activity that is inconsistent with the University's tax-exempt status or that would subject the University to liability.

·         The University reserves the right to amend these Conditions and Policies at any time without prior notice and to take such further actions as may be necessary or appropriate to comply with applicable federal, state, and local laws. Also, to protect the integrity of the University's computing facilities and its users against unauthorized or improper use of those facilities, and to investigate possible use of those facilities in violation of or in aid of violation of University rules and policies.

·         The University also reserves the right, without notice, to limit or restrict any individual's use, and to inspect, copy, remove and/or otherwise alter any data, file, or system resource which may undermine the authorized use of any computing facility or which is used in violation of University rules or policies.

·         University of Louisville also reserves the right periodically to examine any system and any other rights necessary to protect its computing facilities.

·         The University disclaims responsibility for loss of data or interference with files resulting from its efforts to maintain the privacy and security of those computing facilities or from system malfunction or any other cause.

·         The term "computing facility" means, refers to, and includes any and all forms of computer-related equipment, tools, and intellectual property, including computer systems, personal computers, computer networks, and all forms of software, firmware, operating software, and application software, which are owned or leased by the University or are under the University's possession, custody, or control.

·         In addition the sponsoring department must agree to and ensure:

o   That the individual being sponsored has read and agrees to abide by Acceptable Use policies before obtaining the account(s) and/or access.

o   The Sponsoring department/school agrees to be responsible for actions of the individual being sponsored while they are utilizing computing resources at the University of Louisville.

o   Any violations that occur resulting from the use of sponsored account(s)/access will be the responsibility of the Sponsoring department/school.  This includes any monetary outlay that may result.

o   Sponsored accounts are only valid for a maximum of one year and renewable every six months.  Accounts are configured to expire upon contract expiration or within one year from creation.

If the need for access ends before the set expiration date, it is the responsibility of the Sponsoring department/school to ensure the account(s) and/or access is terminated.


 

SCOPE / APPLICABILITY:

All persons, including student employees and sponsored account holders, while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT:

The University's Information Security Officer (ISO) is responsible for the development, publication, modification and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW:

This policy will be reviewed annually to determine if the policy addresses University risk exposure and is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed per the Policy Management process.

COMPLIANCE:

Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.


REVISION HISTORY:

Version / Revision Date / Description

1.0 / February 14, 2011 / Original Publication

1.1 / January 29, 2013 / Content Update


This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.

Approved February 14, 2011 by the Strategic Technology Executive Committee

[Next]

Document Actions
Personal tools