Policy

Macalester College is committed to promoting secure and appropriate access to its systems, and to the data used, processed, stored, maintained and/or transmitted in and through those systems. This policy defines expectations of users who have been granted access to College enterprise systems.*

Purpose

College-owned applications and systems, including the data stored therein, have a significant value and are an integral part of the infrastructure that supports Macalester’s mission, goals and critical operations. It is essential that access to and use of these applications, systems, and data are properly secured and protected against information security related threats and dangers.

Procedures

Access to college-owned applications and systems assumes user observance of the Information Technology Responsible Use Policy and related policies.  Access may be revoked if any of these policies are violated.  Other actions, up to and including termination of employment, may also be taken, depending on the particular violation. All users are required to adhere to the following rules in order to use, access, store, process, and/or display data acquired from college-owned applications and systems:

  1. Access to college-owned applications and systems is granted solely to conduct legitimate business on behalf of Macalester College.

  2. Access to specific system functions and data populations is consistent with each user’s scope of employment.

  3. Access requests are initiated by electronic authenticated request from department or unit managers who have knowledge regarding a user’s legitimate need to access/change data that is financial, managerial, confidential, regulated, or mission critical. Access requests for academic department users must be approved by personnel responsible for the data related to the request.

  4. User accounts will remain active until a user’s employment relationship either changes or terminates.

  5. Data access changes are initiated/approved by the Data Steward(s) responsible for managing access to the respective data.

  6. Non-Macalester persons who require access to enterprise systems* must receive documented approval for this access by an appropriate Macalester official.

* An enterprise system is any computing system maintained by Information Technology Services that is used by more than one department or unit and that contains financial, managerial, confidential, regulated, or mission critical information.

Created: September 2016