This site requires JavaScript to be enabled

Information Resources and Technology

Access Management

Access Management

Access Control is a critical activity to ensure only authorized campus systems and data are available to the appropriate user. All campus members play an important role in ensuring that data is accessed and used in an appropriate manner to support the mission of the University.



Access Control Notification

All employees that manage authentication services and/or access control services are required to register with the Information Security Office. This enables the administrators to receive daily or weekly reports to complete timely deprovisioning of users.

  • The Service Level Agreement is to complete these request in three (3) business days with the first notification arriving on the first scheduled date (daily or Thursday).

CMS & CFS Access

Using the Common Access Request System (CARS), the Information Security Office maintains access to the university Common Management System (also known as CMS or CFS), which serves as the system of record and manages Level 1 and Level 2 data relating to university personnel information, student records, and financial data.

  • The Service Level Agreement to complete these request is three (3) business days of the approved request. Due to the work flow requirement that campus officials approve these requests before the ISO can implement them it is recommend to allow two (2) weeks from enter to implementation.

Priority Deprovisioning

To maintain the integrity and security of various systems relating to user accounts and services, the university follows an emergency deprovisioning process for accounts that need immediate removal outside of normal processes. Managers requesting this service must first contact Human Resources.

  • The Service Level Agreement is to complete these request the same business day. However, to ensure that appropriate employees are available to remove access we ask that the request be made one (1) day in advance. DO NOT include the employee information to be deprovisioned in the request. The request is designed to schedule IT staff for the date/time of the deprovisioning. An IRT MPP will contact you in order to get the employee information at the time of deprovisioning.

Access to Employee Data

The Information Security Office coordinates the authorization and release of employee data to departments when the individuals are unavailable (e.g. on leave, no longer employed, etc.). Data will only be released to managers to support ongoing business operations and Human Resources must review and authorize the access.

  • The Service Level Agreement to complete these request is five (5) business days of the approved request. Note that this actively must be coordinated with Human Resources.

Data Exchange Authorization

Coordinate the authorization and implementation for system-to-system data flow communication and/or storage. Data will only be released or interface established once the Data Owner(s) has approved.

  • The Service Level Agreement to complete these request is ten (10) business days of the approved request. During this time it is important to make staff and vendor support available to complete the evaluation and authorization. Once authorized a new request will be created for the implementation of the data exchange and the SLA will vary depending on area. It is important to start this process early to avoid any delays.
Version 1.4.2 (release notes)