University Network Identity Life-Cycle Policy
Policy Statement
Information Technology Services (ITS) creates Network Identities (NetID) to facilitate proper access to on-line resources. Unnecessary NetIDs are disabled preventing unwanted user action which could lead to compromised systems and/or data loss.
Reason for Policy
This policy is established to define and document the acceptable use of NetIDs and the guidelines for their creation and removal. This policy is to assist in meeting regulatory compliance, meeting current EIU policy mandates, and following good security practices.
Entities Affected By This Policy
All members of the Eastern Illinois University community to include but not limited to faculty, staff member, students, and annuitants.
Contacts
EIU Information Security 217-581-1939
Network Identities Creation
Unique NetIDs are assigned to an individual and will not be reused throughout the lifetime of the current identity management system. NetIDs deleted from the NetID system are documented in the ERP system in accordance with applicable record retention laws and policies.
Network Identities for Students:
- NetIDs for students are created once an applicant is admitted to the university.
Network Identities for Employees:
- NetIDs for employees (excluding faculty) are created and activated when the employee’s contract information is entered into the ERP system by university human resources department.
- NetIDs for faculty are created and activated when the faculty’s Tax information (I9 form) is entered into the ERP system by university human resources department.
- Professional Affiliate accounts are requested and documented by university human resources department.
Special Use Network Identities:
SPEC (Special Use) accounts are assigned in cases where multiple individuals need access to the same account or an individual system requires a unique configuration due to technical limitations. SPEC accounts are assigned to an EIU sponsor. The sponsor is responsible for the proper usage and management of the account. SPEC accounts are created by request only and the contents contained within it are the property of EIU. SPEC accounts are not to be used as a replacement for an employee or student account.
SPEC accounts will be reviewed annually to ensure the accounts are still needed.
NetID Removal
When an account is removed or permitted to expire, data contained on university systems (excluding the ERP system) utilizing that NetID will be maintained for 6 months unless noted. Data that will be removed includes, but is not limited to, emails, shared files, and web pages. The university must comply with all federal, state, and local legislation regarding privacy and disposal of data or records. Exception to the NetID removal process for all identities is in the event of emergency revocation.
Student Network Identities:
Admitted students that never register for classes:
- Undergraduate – Removed following the last day to add or drop classes
- Graduate –Removed following the last day to add or drop classes
Inactive students: (Status determine by the admitting agency)
- Undergraduate – 1 year from the end of the last term they attended classes
- Graduate – 1 year from the end of the last term they attended classes (maintain 6 years from the end of the first term they registered for graduate classes)
Graduated students (Alumni):
- Undergraduate – 1 year from the end of their graduation term
- Graduate – 1 year from the end of their graduation term
Dismissed Students (Academic or other):
- Undergraduate – 1 year from the end of their dismissal term
- Graduate – 1 year from the end of their dismissal term
All other reasons not covered in this section please contact the University Registrar.
Employees Network Identities:
Employees on Disability:
Employees on disability will have differing access depending on the situation. If an employee will permanently be on disability their account will be disabled. The employee's vice president may authorize exceptions to this policy.
Departing Employees (Excluding faculty):
Departing employees will lose all access to the University information systems as soon as possible but no later than the end of the business day following their departing day. An extension must be requested by the employee to their corresponding vice president prior to the last day of employment. Departing Employees enrolled as students will lose access to employee related systems but will retain a NetID to facilitate continued enrollment and will be subject to student NetID retention policies thereafter. If an Employee is not currently enrolled, but previously has taken courses, the access will be terminated and will not finish with the student NetID retention policies.
Employees on a 9-11 month contract will retain NetID and EIU email access for the duration of the applicable 12-month term.
Departing Faculty:
Departing faculty will maintain access to email and the university’s learning management system for a period of 3 months following the end of their contract. This allows the faculty member to perform the required tasks for the university’s grade appeal process.
Annuitants:
Annuitants, defined as those individuals meeting the criteria outlined in Eastern Illinois University's Internal Governing Policy (IGP) No. 2, are granted access to their email account in accordance with University policies. If they do not wish to continue using their email account or the NetID has been inactive for a period of 1 year the NetID will be deactivated.
Employee’s Death:
In the event of an employee’s death, the ITS Information Security group will perform an emergency revocation of account access upon notification from the university’s President, Vice President, Director or Assistant Director of Human Resources, or Assistant Vice President of ITS. Before the emergency revocation is performed Information Security will contact the deceased employee’s department and request a statement to be used as an autoreply to the employee’s email account. All information or data contained in the employee’s university email account and university-owned devices is the property of the University and will not be released without approval. Access to the employee’s data may be requested through the Information Security Group. The General Counsel for the University determines the approval of the release of the data. The deceased employee’s supervisor will be contacted 90 days after the emergency revocation has been performed to ascertain whether a university need exists for the account to remain active.
SPEC Accounts
Service, lab and external (General Person) accounts are all types of SPEC accounts. SPEC accounts will be reviewed yearly to see if they are still needed.
SPEC accounts assigned to a separating employee will be reassigned to another university sponsor. The account is reassigned to another accepting employee designated by the original sponsor prior to their separation.
Related or Supporting Documents
Eastern Illinois University's Internal Governing Policy (IGP) No. 2
ITS Security Assessment and Configuration Review Policy
Last Date Reviewed: 06/13/2024