91¶ÌÊÓƵ Policy 3501

Information Technology Access Control

  • Responsible Oversight Executive:ÌýVice President for Administration and Finance
  • Date of Current Revision or Creation:ÌýMay 10, 2022
  • Download Policy PDF

The purpose of this policy is to outline the manner in which access to Old Dominion 91¶ÌÊÓƵ information technology (IT) resources is granted.

, grants authority to the Board of Visitors to make rules and policies concerning the institution. Section 7.01(a)(6) of theÌýÌýgrants authority to the President to implement the policies and procedures of the Board relating to 91¶ÌÊÓƵ operations.

Restructured Higher Education Financial and Administrative Operations Act,Ìý

´¡³¦³¦±ð²õ²õÌý-ÌýThe ability to receive, use, and manipulate data and operate controls included in information technology.

DataÌý- An information asset that represents, but is not limited to, individual data elements, lists, addresses, documents, images, measurement samples, programs, program source code, voice recordings, aggregations of data, or other information in a digital format. Data in a tangible object, typically paper, is excluded from this policy, but is subject to other 91¶ÌÊÓƵ policies, including, but not limited to, policies on records management and confidentiality.

Information Technology ResourcesÌý- Computers, telecommunication equipment, networks, automated data processing, databases, the Internet, printing, management information systems, and related information, equipment, goods, and services.

UserÌý-ÌýIncludes anyone who accesses and uses Old Dominion 91¶ÌÊÓƵ information technology resources.

This policy applies to all users of Old Dominion 91¶ÌÊÓƵ information technology resources and governs all information technology resources whether owned by or operated for 91¶ÌÊÓƵ business through contractual arrangements, including, but not limited to, all employees, students, volunteers, and visitors to the institution. Employees include all staff, administrators, faculty, full- or part-time, and classified or non-classified persons who are paid by the 91¶ÌÊÓƵ. Students include all persons admitted to the 91¶ÌÊÓƵ who have not completed a program of study for which they were enrolled; student status continues whether or not the 91¶ÌÊÓƵ's programs are in session. Visitors include vendors and their employees, parents of students, volunteers, guests, uninvited guests, and all other persons located on property, owned, leased, or otherwise controlled by the 91¶ÌÊÓƵ.

Ìý

The 91¶ÌÊÓƵ will provide all employees and other users with the information they need in order to carry out their responsibilities in as effective and efficient manner as possible. Access to data will be limited to authorized individuals whose job responsibilities require it, as determined by an approval process, and to those authorized to have access by Federal or 91¶ÌÊÓƵ laws or in accordance with 91¶ÌÊÓƵ policies and standards. The process for requesting, granting, administering, and terminating accounts on IT systems, including accounts used by vendors and third parties, are provided inÌý.

Access is given through the establishment of a unique account in accordance with account request procedures. Exceptions to the establishment of unique accounts may include stand-alone personal computers, public access computers or related resources, and student labs where individual student accounts are not required.

All users of IT systems are responsible for reading and complying with 91¶ÌÊÓƵ information technology requirements, reporting breaches of IT security, actual or suspected, to 91¶ÌÊÓƵ management and/or the Information Security Officer, taking reasonable and prudent steps to protect the security of IT systems and data to which they have access, and complying with any Federal, 91¶ÌÊÓƵ, or local statutes and 91¶ÌÊÓƵ policies and standards as might apply to these resources. Every user must maintain the confidentiality of information assets even if technical security mechanisms fail or are absent.

Old Dominion 91¶ÌÊÓƵ reserves the right to revoke any user's access privileges at any time for violations of policy, standards and/or conduct that disrupts the normal operation of information technology resources.

The specific standards to be utilized for compliance with this policy are published on theÌýÌýwebsite.

Ìý

Assistant Vice President for Information Technology ServicesSystem access records are retained for three years and then destroyed in accordance with theÌý.

Chief Information Officer

Policy History

Policy Formulation Committee (PFC) & Responsible Officer Approval to Proceed:

/s/ÌýRusty Waterfield


Responsible Officer


May 5, 2022


Date


Policy Review Committee (PRC) Approval to Proceed:

/s/ÌýDonna W. Meeks


Chair, Policy Review Committee (PRC)


April 19, 2022


Date


Executive Policy Review Committee (EPRC) Approval to Proceed:

/s/ÌýChad A. Reed


Responsible Oversight Executive


May 5, 2022


Date


91¶ÌÊÓƵ Counsel Approval to Proceed:

/s/ÌýAllen T. Wilson


91¶ÌÊÓƵ Counsel


May 9, 2022


Date


Presidential Approval:

/s/ÌýBrian O. Hemphill, Ph.D.


President


May 10, 2022


Date

Previous Revisions: October 1, 2007; February 21, 2011; March 15, 2017; May 10, 2022

Scheduled Review Date: May 10, 2027