The Board of Regents established the Information System User Account Management standard in 2013. This standard states that all System Owners must review accounts
of Users who can access sensitive and/or critical information systems and ensure that
their ability to access and level of access is appropriate. The standard also states
that this review must be conducted every four months. However, due to UGA established
compensating controls, UGA is only required to conduct these access reviews annually
for sensitive and/or critical systems.
The procedures listed below are an outline of the minimum effort needed to comply with this guideline.