Skip to Page Content
section image picture

Access Services

User Account Management Standards

The University System of Georgia (USG) has released new standards regarding user account management for information systems containing restricted or sensitive data.  Effective July 1, 2013, the University of Georgia is required to implement these standards by adhering to the following administrative procedures.

  • Employees who leave the University must have their access to systems containing restricted and sensitive information removed no more than five (5) business days after the effective  date.
  • Employees who change departments within the University must have their access to systems containing restricted and sensitive information updated to reflect their new duties within thirty (30) days of the effective date. Employees who change jobs within the same department should have their account permissions reviewed within the same 30-day period.
  • Units maintaining information systems containing restricted and sensitive information are required to review all user access annually, making adjustments as appropriate, and document their findings with their campus information security officer. At UGA, the associate CIO for university information security will maintain this information. 

To provide support to units in meeting these requirements, EITS has implemented new procedures automating the sharing of information regarding employee departures and departmental transfers.

  • Individuals responsible for information systems containing sensitive or restricted information will be required to join a listserv where they will be provided daily reports on employees who have left the university or who have transferred to a new Unit. Files will be available electronically allowing Units to automate these procedures should this be desired.
  • To automate these processes at the University level, EITS takes steps to deactivate mainframe (RACF) and Banner user accounts, and the UGA MyID of those individuals who depart the University. The UGA MyID inactivation does not apply to students or retirees. Users who change departments will automatically have their user accounts revoked and will be required to request new system access based on their new duties.

University departments are expected to document compliance with these standards which shall be subject to inspection by University or USG auditors. For information on the complete USG standards browse to Board of Regents IT Handbook on the Web.

UGA has outlined procedures to complete the annual user access reviews.

Department and other Unit heads should work to identify the individuals within their areas who are the functional system owners for information systems containing sensitive and restricted information. Names of these individuals should be submitted to adminfo@uga.edu.

Last modified:  December 2, 2016