
Access Control Policy

Last updated: 31 January 2022

University of Gloucestershire Library, Technology & Information Service

LTIU-POL-02

Document Control

Issue/Amendment Record

| Issue | Date of Issue | Reason for Issue |
|---|---|---|
| 1 | 18/04/18 | Major Revision |
| 2 | 31/10/18 | Major Revision |
| 3 | 02/01/20 | Review |
| 4 | 23/03/21 | Major Revision |

Document Ownership

| Role | Name and Title | Signature | Date |
|---|---|---|---|
| Author | Robin Livesey, Infrastructure Manager | | 23/03/21 |
| LTI Approval | Rob Blagden, Director LTI Service | | 23/03/21 |
| University Approval | David James, Dean of Academic Development | | 23/03/21 |
| Release Authority | Andrew Luck, Head of IT | | 23/03/21 |

Introduction

The University of Gloucestershire (the “University”) is committed to providing a safe and secure environment, where students, staff, agents, partners, visitors and contractors can use technology to support their study/work and development, whilst being free from harassment, bullying or discrimination.

The following policy has been developed to help foster and promote a suitable and secure learning/working environment. Therefore, all students, staff, agents, partners, visitors and contractors are required to follow the rules stated in this policy when using the University’s IT systems, network, WiFi, email and/or internet facilities.

The University will enforce this policy in order to protect those in its care, on its property or using its IT Services.

The University’s Library, Technology and Information Service (“LTI”) policies, including this policy, may be amended from time to time as deemed appropriate. Please check back frequently to see any updates or changes to this policy.

Everyone who accesses the University’s IT systems, network, WiFi, email and/or internet facilities must familiarise themselves with the contents of this policy.

Type of Policy

User Policy

Purpose

The purpose of this Access Control Policy is to establish the rules which govern the use of the University’s accounts (for clarity, in this instance, an account comprises a username and password), and how those rules apply to all students, staff, associate members, external examiners, agents, collaborative partners, visitors, library members and contractors.

These rules are necessary to preserve the integrity, availability, and security of systems and data belonging to the University, as well as the general safety of students, staff, associate members, external examiners, agents, collaborative partners, visitors, library members and contractors of the University. The policy clearly articulates what is expected of all system users, along with the potential consequences of failing to adhere to the rules.

Scope

The rules set out in this policy apply to User Accounts, User Accounts with elevated permission sets, or role groups (SITS), User Accounts with privileged access, Delegate Accounts, Test Accounts and Service Accounts.

For clarity, IT System Administrators’ Accounts and Local Administrators’ Accounts are dealt with in a separate policy.

The policy applies to anyone using the University’s IT systems, network, WiFi, email and/or internet facilities whether on campus or off campus. Unless specifically authorised in writing by the Director of the LTI Service, there are no exceptions to this policy. The Director of the LTI Service can be contacted via the IT and Library Helpdesk. The policy extends to the use of any University system (hardware or software, including software as a service (SaaS)) which belongs to the University or is leased by the University.

For the purposes of this policy, the term privileged access (or elevated permission) is used to describe a standard user account which has had additional access rights applied to it. It is not an IT System Administrator’s Account.

Please note that this policy also applies where you access the University’s IT systems, network, WiFi, email and/or internet facilities through your own device.

General Rules of Use

The principle of “least privilege” will be followed at all times. Administrators’ accounts must only be used when it is necessary to undertake specific tasks which require the use of these accounts. User accounts will be used at any other time (e.g. writing/responding to emails, surfing the web).

Some new accounts are never used. This leaves an active account set to the default password for an unacceptable period of time. New accounts that are inactive for more than one month will have their passwords randomised.

All Users Will

All Users Will Not

Account Lifecycle

Appendix 1 describes the technology used to create accounts, detailing the process used to manage ‘joiners’, ‘movers’ and ‘leavers’.

LTI Procedure for Staff

Appendix 2 describes the actions taken by LTI in respect of staff access to the network and IT systems.

Privileged Access – Specific Rules

Staff will only receive privileged access if it is a requirement of their role (long or short term), and permission has been given by the relevant system (or in the case of SharePoint, a site) owner. When a member of staff changes roles within the University, their privileged access will be reviewed/removed (see Appendix 2).

Manual Overrides – Specific Rules

Manual Overrides will only be actioned once permission has been given by the Director.

Consequences of breaching this policy

Any attempt to violate the provisions of this policy, regardless of the success or failure of the attempt, will, in the case of staff and students, be dealt with under the terms of the relevant disciplinary procedure or policy as applicable to staff and students, and may result in disciplinary action and/or notification to the relevant law enforcement agencies.

Where an associate member, external examiner, agent, collaborative partner, visitor, library member or contractor violates or attempts to violate this policy, their access to the University’s IT systems, network, WiFi, email and/or internet facilities shall be withdrawn and the University will, where appropriate, notify relevant law enforcement agencies. In the case of contractors, the University will seek to have the individual removed from services provided to the University, on a permanent basis.

The University also reserves the right to withdraw access from all or part of its IT systems, network, WiFi, email and/or internet facilities where it reasonably believes that this policy is being contravened.

Policies which should be read in conjunction with this policy are:

APPENDIX 1 – Account Lifecycle

The University of Gloucestershire network is based on Microsoft Active Directory. The user network account lifecycle is governed by the Microsoft Identity Manager (MIM) and Azure Active Directory Connector (AADC) products, with supporting manual procedures.

User accounts originate from three systems:

Creation

Network accounts are created automatically by MIM under the following conditions:

After network accounts have been created by MIM in Active Directory, AADC creates the corresponding account in the University’s Azure tenancy.

Disabling and Deletion – Staff on Payroll / Associate Staff

When the status of a user record in Resourcelink changes to a value other than ‘Active’, the account is deactivated.

Accounts are deleted after a one-year grace period has elapsed.

Disabling and Deletion – Students

When the status of a user record in SITS changes to a value other than ‘Current’ or ‘Deferred’ then the corresponding Active Directory account is disabled.

Accounts originating from SITS are deleted after an 18-month grace period has elapsed.

Failed applicant accounts are deleted immediately.

Disabling and Deletion – Associate Students / All Other Accounts

Accounts originating from the ID card system with an end date in the past are deleted immediately.

APPENDIX 2 – LTI/HR Process for Staff on Payroll/Associate Staff

The LTI Service Desk will be informed by HR when a member of staff joins the University, changes roles or leaves the University. This notification will be in the form of an email to the LTI Service Desk. The email is generated automatically by Resourcelink when an individual’s details are initially set up, edited or disabled.

When a member of staff changes roles within the University, the HR department will send the ‘Movers Checklist’ to the current and new line manager. Both the current and new line managers will forward the completed checklists to the LTI Service Desk.

Upon notification, the LTI Service Desk staff will:

Raise a request for the Application, Development & Support Team to remove / edit access to the following:

Raise a request for the Infrastructure Team to remove / edit access to the following:

Raise a request for the Network Team to remove / edit access to the following:

Raise a request for the Web & Data Team to remove / edit access to the following:
