HR Operating Policies and Procedures to Ensure Proper Access Removal

July 6, 2015

Reference:

Security Guideline Physical and Environmental Security of Information Technology Resources.

  • HR will ensure proper pre-employment screening of each employee prior to employment. Reference HR Policy #.
  • Upon completion of the HR pre-employment screening, Department Directors or their designee will complete an access request via the User Access Request Site for appropriate access to applications. The link is available on the Intranet under Information Technology. Reference procedure Validate Entity Prior to Granting Access.

Procedure:

  1. TS Managers will ensure all combination locks are changed upon an employee’s termination.
  2. TS Managers will coordinate with Security to ensure employees are removed from all access lists upon their termination.
  3. Upon receipt of a termination via email, notifiers from both applications and systems teams will deactivate Application and Network access.
  4. TS Managers will ensure all keys, tokens, cards, etc. that permit access are returned to them upon an employee’s termination. Reference HR Policy.

Deactivation of Application accounts inactive for 90 days:

  1. Run application report USER>users.with.exp.password. The report shows users who have not been active in the last 4 months by default.
  2. Inactivate users listed. DO NOT inactivate non-users as indicated by an X in the user type column!
  3. Use discretion when inactivating Users. This link is used by PCI in lookups.
  4. Any time an account needs to be reactivated, even an account deactivated per the 90-day policy, please refer to procedure “Access Establishment and Modification”.