Information Resources Use and Security Policy
4. Administrative/Special Access
Users must be made aware of the privileges granted to their accounts, especially those that impact access to information resources or that allow them to circumvent controls in order to administer the information resource. Abuse of such privileges will not be tolerated. Anyone using accounts with elevated access privileges of this type must adhere to the following access requirements.
4.1. Individuals who use accounts with special privileges (for example, System Administrators) must use these accounts only for their intended administrative purposes.
4.2. Individuals who use accounts with special privileges may perform investigations relating to the potential misuse of information resources by an individual user only under the direction of the Information Security Office.
4.3. All colleges, schools, and units (CSUs) of the university must submit a list of administrative contacts to the Information Technology Services (ITS) Networking group, using ITS-provided tools (for example, UTnet management tools), for all systems connected to the university network.
4.4. All individuals whose accounts have special privileges must complete a Background Check for Staff/Faculty. Additionally, all individuals assigned special privileges should acknowledge their responsibilities by signing a form such as a Position of Special Trust form.
4.5. The password for a shared administrator/special access account must be changed when any individual who knows the password leaves the department or university or changes role, or upon a change in the vendor personnel assigned to university contracts having password access.
4.6. For all systems serving out information resources there must be a password escrow procedure in place to enable someone other than the administrator to gain access to the system in an emergency situation.
4.7. When special privileges are needed for auditing, software development, software installation, or other defined needs, they:
4.7.1. Must be authorized by the appropriate department head or owner;
4.7.2. Must be created with an expiration date when supported; and
4.7.3. Must be removed and disabled when work is complete.