You are here

Procedure for Revocation of System Access Upon Termination

Effective Date/Issuing Authority

Effective Date: November 22, 2011
Date Last Reviewed: July 28, 2016
Date Scheduled for Review: July 2017
Issuing Authority: Vice President for Computer Services and CIO

Scope of Procedure & Rationale

A. Purpose
This procedure sets forth guidelines to ensure that Computer System access is revoked for persons whose employment has been terminated (either voluntary or involuntary). The procedure also establishes appropriate responsibilities when a termination occurs.

B. Scope
This procedure covers access to Computer Systems using an AccessNet username. It also covers a number of other non-system resources set out below.

Definitons

  • TUsecure manages AccessNet accounts and is the system by which access to Computer Services systems is managed.
  • Banner-HR-Identity Feed: the interface between Banner HR and TUsecure is a nightly batch job that updates TUsecure with data from Banner.
  • Employee Status: As part of the Banner-HR-Identity Feed, an attribute known as Employee Status is computed with the following values using certain Banner data:
    -A person is classified as terminated if they have a “V” or “T” Flag for Employee Status in the Banner-HR-Identity Feed.
    -V Flag - The V flag is considered voluntary termination. System access is disabled the same day for critical applications and offers a grace period of 90 days to non-critical application.
    -T Flag - The T flag is considered as involuntary termination and system access is disabled the same day.

Procedure

The designated individual (s) in a department notifies HR via the Termination EPAF s of the employee to be terminated. The EPAF includes a Job end Date and/or an expiration date and type of termination by using one of the eighteen designated termination codes. The Termination Codes are mapped to a code that designates Voluntary or an Involuntary termination.

In the event of voluntary termination, HR updates the person’s Banner record at the completion of the Pay Cycle to ensure the terminated employee is paid the appropriate amount in the final paycheck. The nightly interface provides the indicator (V) in the identity feed. Based on this “V” indicator, the access to systems will be revoked as per the following schedule.

  • Access to the following systems/applications will be disabled immediately after the nightly job runs:
         -Banner Applications
         -Self Service Banner
         -INB
         -COGNOS
         -Signature Authorization
         -TUmarketplace
         -Active Directory
         -Workstation Login
         -TUapps (Citrix VPN)
  • Access to the following systems/applications will be disabled after a 90-day grace period, unless the AccessNet Account is renewed before then.
         -Active Directory (optional as recommended by Information Security)
         -Exchange Email
         -Enterprise Directory (optional as recommended by Information Security)
         -TUmail
         -Blackboard
         -TUportal
         -TUsecurewireless

In the event of involuntary termination, HR updates the person’s Banner record in accordance with the pay cycle to ensure the individual is paid all due funds. The nightly interface provides the indicator (T) and a pre-programmed email is sent to Office of Information Security and the Office of Identity and Access Management. If access to systems has to be revoked immediately, HR will contact the Office of Information Security to provide directions and timing of revocation of access.

  • Access to the following systems/applications will be disabled immediately after HR contacts Office of Information Security or after the nightly job runs:
         -Banner Applications
         -Self Service Banner
         -INB
         -COGNOS
         -Signature Authorization
         -TUmarketplace
         -Active Directory (Optional)
         -Exchange Email
         -Workstation Login
         -TUapps (Citrix VPN)
         -Enterprise Directory (Optional)
         -TUmail
         -Blackboard
         -TUportal
         -TUsecurewireless
  • In addition to system access, for involuntary terminations, the Information Security team will contact the appropriate offices to notify them about the termination:
         -Parking Access
         -Building Access
         -OWLcard
         -Diamond Dollars Access
         -Library Borrowing Access