User Account Management Standards
The University System of Georgia (USG) has released new standards regarding user account
management for information systems containing restricted or sensitive data. Effective
July 1, 2013, the University of Georgia is required to implement these standards by
adhering to the following administrative procedures.
- Employees who leave the University must have their access to systems containing restricted
and sensitive information removed no more than five (5) business days after the effective
- Employees who change departments within the University must have their access to systems
containing restricted and sensitive information updated to reflect their new duties
within thirty (30) days of the effective date. Employees who change jobs within the
same department should have their account permissions reviewed within the same 30-day
- Units maintaining information systems containing restricted and sensitive information
are required to review all user access annually, making adjustments as appropriate,
and document their findings with their campus information security officer. At UGA,
the associate CIO for university information security will maintain this information.
To provide support to units in meeting these requirements, EITS has implemented new
procedures automating the sharing of information regarding employee departures and
- Individuals responsible for information systems containing sensitive or restricted
information will be required to join a listserv where they will be provided daily
reports on employees who have left the university or who have transferred to a new
Unit. Files will be available electronically, allowing Units to automate these procedures
should this be desired.
- To automate these processes at the University level, EITS takes steps to deactivate
mainframe (RACF) and Banner user accounts, and the UGA MyID of those individuals who
depart the University. The UGA MyID inactivation does not apply to students or retirees.
Users who change departments will automatically have their user accounts revoked and
will be required to request new system access based on their new duties.
University departments are expected to document compliance with these standards, which
shall be subject to inspection by University or USG auditors. For information on the
complete USG standards, browse to the Board of Regents IT Handbook on the Web.
UGA has outlined procedures to complete the annual user access reviews.
Department and other Unit heads should work to identify the individuals within their
areas who are the functional system owners for information systems containing sensitive
and restricted information. Names of these individuals should be submitted to firstname.lastname@example.org.
Last modified: December 2, 2016