Top Searches:

Lo frate

A.J. Fletcher Opera Institute: Lo frate 'nnamorato Apr 24-28, 2024

Spring Dance

Spring Dance Apr 25-27, 2024

Reynolda Quartet

Reynolda Quartet Apr 28, 2024

Cantata Singers

UNCSA Cantata Singers in Concert May 2, 2024

Vivaldi

Community Performance | Candlelight: Featuring Vivaldi's Four Seasons May 10, 2024

M.F.A. Films

School of Filmmaking Presents: M.F.A. Films May 17, 2024

See All Events
 
Home > Information Technology > IT Procedures > Affiliate User Access to Information Resources

Affiliate User Access to Information Resources

1. Purpose 

The University of North Carolina School of the Arts (UNCSA) is committed to ensuring that all information technology (IT) resources, technology services, software, and systems that are acquired and used at UNCSA further the university’s mission and meet the university’s information security standards. UNCSA relies on affiliates in many capacities across the university. This Procedure establishes rules for affiliate access to UNCSA information resources. 

2. Source of Authority 

This Procedure is issued in support of Information Technology Security Regulation 512, and Information Technology Security Procedures 512(III)(D), Access Control.  

3. Scope 

This procedure applies to all vendors, contractors, consultants, and other third-party affiliates who access university information resources. This procedure applies to all university information resources, regardless of form or location, and the hardware and software resources used to electronically store, process, or transmit that information. This includes data processed or stored and applications used by the university in hosted environments in which the university does not operate the technology infrastructure. 

All UNCSA employees involved in purchasing IT services, software, and systems must adhere to this procedure. 

4. Definitions 

A. Affiliate. An affiliate is an individual who requires access to information resources to work in conjunction with the university but is not a UNCSA employee or student.   Affiliates must have a sponsor who is an employee. Vendors, contractors, consultants, and other third-party providers who access information resources are considered affiliates. 

B. Information Security Program. The information security program is a set of coordinated services and activities designed to protect information resources and manage the risks associated with those resources.  It includes regulations, procedures, standards, assessments, protocols, and training to govern the storage, accessibility, and security of information resources. 

C. Information Resources. As used in UNC System Policy 1400.1, “information resources are information owned or processed by the university, or related to the business of the university, regardless of form or location, and the hardware and software resources used to electronically store, process or transmit that information.”  Information resources expressly include data, software, and physical assets.    

5. Procedure

The following procedure must be followed in all situations where university data or information resources are to be accessed by an affiliate: 

A. Affiliate access to information resources is only permitted where there is a current, valid contract or service level agreement between the affiliate and UNCSA. Access to UNCSA information resources is only permitted where it is necessary to carry out the contractual agreements between the affiliate and UNCSA. 

B. UNCSA managers, supervisors, or other sponsors should request that an affiliate account be created using the System Access Request Form. 

1. Requests for affiliate access to UNCSA information resources must be signed by the manager, supervisor, or sponsor requesting the access and must specify why the access is needed. 

2. Requests for affiliate access to UNCSA information resources must be counter-signed by the Chief Information Security Officer, the Chief Information Officer, a designee of the CIO, or a designee of the Chief Human Resources Officer. 

3. Affiliates must comply with all access form provisions, and applicable UNCSA policies, regulations, and procedures regarding the use, operation, and security of information resources. 

4. Each affiliate representative who plans to access UNCSA resources will need to submit a form.  No generic or shared accounts will be issued. 

C. The Office of Information Technology or Office of Human Resources will review the System Access Request Form and create a Banner entry for the affiliate. The submission of the System Access Request form will trigger user account creation for the affiliate. Incomplete System Access Request Forms will be returned to the UNCSA manager, supervisor, or sponsor of the affiliate account for proper completion. 

D. The Office of Information Technology will review any requests for Remote Computer Access. If approved, Technology Support will work with the affiliate to ensure that the affiliate has remote, secure access to the UNCSA network as needed. The UNCSA VPN service requires multifactor authentication. 

E. Affiliate sponsors are required to notify the Office of Information Technology or Office of Human Resources when an affiliate account is no longer needed so that the account can be disabled. 

F. Affiliates requiring user account or VPN access in excess of one (1) year must reapply for such access using the process outlined above and must indicate that the access request is a renewal. 

 

6. Roles and Responsibilities 

A. All users of information resources, including affiliates, are responsible for following applicable UNCSA policies, regulations, and procedures regarding the use, operation, and security of university information resources. 

B. The Chief Information Officer is responsible for administering this procedure and providing guidance to senior leadership concerning affiliate access to UNCSA information resources. 

C. The Chief Information Security Officer shall be responsible for guiding the university's information security program and associated activities. 

D. The Information Security department in the Office of Information Technology is responsible for reviewing all affiliate requests for access to UNCSA information resources and ensuring affiliate access is only permitted where it is necessary to carry out the contractual agreements between the affiliate and UNCSA. 

E. The Office of Information Technology or Office of Human Resources is responsible for reviewing and processing the System Access Request Form and creating a Banner entry for the affiliate. 

7. Revision History

11/28/22– First issuance, approved by the UNCSA CIO 

8. Related References 

A. University of North Carolina System Policy, Information Technology Chapter, Information Technology Governance 1400.1 

B. University of North Carolina System Policy, Information Technology Chapter, Information Security 1400.2 

C. University of North Carolina System Policy, Information Technology Chapter, User Identity and Access Control 1400.3 

D. ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls 

E. UNCSA Information Technology Security Regulation, 512 

F. System Access Request Form 

 

February 20, 2023