8.1.2 Assigned User Accounts

Policy Tracking	Date
Approved
Revised	September 28, 2023
Reviewed

Assigned User Accounts: The IT Department administers user accounts for various information technology resources including College Administrative Systems, E-mail systems, and shared file storage systems. User accounts are issued to Blue Ridge Community College faculty, staff, students, and curriculum program applicants based on their respective needs and role. Before an account is assigned to an employee, vendor or contractor, a supervisor or designated employee must complete an Information Systems Access Request Form and the completed form which must be approved by the appropriate Vice President or College President.
Sharing Accounts: Sharing of a user account which has been assigned to a single individual is strictly prohibited.
Remote Access of Network Accounts: Blue Ridge Community College employees who are permitted to perform their duties away from the designated workplace, such as a “work from home” arrangement or working while on official travel, and using Blue Ridge Community College information technology resources via a non-College owned computer, are subject to the same policies and procedures contained herein.
Connections to Computer or Network Resources by Students and Visitors: There may be occasions whereby a student or visitor to the College is permitted to access Blue Ridge Community College Computer or Network Resources with their own computer. In any such instance, all the procedures contained in this chapter are applicable to that user.
Termination of Employee User Accounts: Formal notification shall be made to the IT Department by the Human Resources Director or supervisor immediately upon an employee’s suspension or separation from the College. Employee technology accounts will be deactivated immediately upon termination of employment with the College or upon a written request from the employees supervisor, Vice President, Human Resources Director, or President. It is the responsibility of the supervisor to manage the disposition of the employees work files.
Termination of Student and Applicant User Accounts:
1. Student and applicant user accounts can be deactivated by the College 90 days after graduation or 1 year after the individual has not been actively enrolled in a course at the College.
2. If the account will be deactivated due to graduation or a lapse in enrollment, the College will issue a notification to the account holders personal and College-issued email address at least 10 days prior to account deactivation.
3. Student user accounts can be deactivated immediately upon academic suspension, disciplinary action, issuance of a trespass or other applicable legal instrument, or upon a written request from a Vice President or College President.
4. User accounts are assigned solely for the purpose of conducting business with the College while the individual is actively enrolled in a class or actively preparing to enroll in an academic program. Individuals do not have any property right to their assigned account.
Access Control: Each employee must complete and sign an individual Information Systems Access Terms & Conditions Agreement. An Information Systems Access Request form must be completed and approved by the supervising Vice President(s), or College President designated as the data owner/custodian. Changes in employee responsibilities or job status which will affect access to Blue Ridge Community College data must be reported to the appropriate IT department immediately. IT can temporarily and immediately revoke access upon supervisor request. IT will only assign additional access to an employee upon a completed and approved Information Systems Access Request form
Monitoring Accounts: IT Systems Administrators are charged with investigating policy and procedure violations and suspected abuse of computing resources. When there is a clear indication of a security breach, abnormal network or system performance, or a reason to believe that a user has engaged or is engaging in unauthorized activities, Systems Administrators may inspect program data files and may monitor network traffic, including any personal equipment or device connected to the Blue Ridge Community College Technology Resources. Disciplinary action will be taken if it is found that the account or any supporting equipment is used for activities that violate any portion of this policy.
Password requirements: Assigned user accounts must have passwords that meet or exceed password aging and complexity requirements as defined in the North Carolina State Information Security Manual.
Multi factor authentication: Access to critical information systems shall require multifactor authentication as defined in the North Carolina State Information Security Manual.