Security Access Agreement
The security practices and procedures outlined below are to protect the confidentiality of the information stored on the Human Resource Management Systems (HRMS). These procedures are to be followed at all times and you, the account owner, are expected to abide by these procedures as well as all other university policies on information security. Not adhering to these procedures could leave you accountable in the event of a security breach.
1. A computer account for accessing the HRMS system should be requested through your supervisor or Department Head. This is to ensure that accounts are given to only those people who have a valid need, and the department is aware of exactly who will be accessing the information. It should be noted that if an account has already been assigned for access to another mainframe system (i.e FRS), then the user ID assigned will also be used for access to the HRMS. A new account ID will not be assigned.
2. Although requested by a department, the account is 'owned' by you, the individual who will use it. As the account owner, you are responsible for all usage of the account and you will be held answerable.
3. Only one person should have access to the account assigned to you. Under no circumstances is your USERID or password to be used by another person.
4. It is the responsibility of the supervisor to ensure that the Department of Human Resources is notified immediately when an account owner terminates employment, commences a leave of absence, is transferred to a position within the department which no longer requires the assigned access, or transfers to another department. The account number is not to be used by the new incumbent unless so instructed by the Department of Human Resources. The contact person at Human Resources is Brenda Mullett.
5. The account is assigned specifically for administrative work. Any unauthorized use of the account for personal purposes, or any other purpose not related to the university, is strictly forbidden.
6. Always sign off your account when not using it. Never leave your account logged on and unattended.
7. It is your responsibility to keep your password secure to prevent unauthorized access to your account.
8. Remember, there are programs written specifically to try to break password security. Your password must be complex and changed frequently to make it difficult to be determined by these programs.
9. Do not reveal your password to another individual, even if that person has the same access to university systems as you have.
10. If you suspect someone may have seen your password, change it immediately.
11. Change your password on a regular basis - security procedures at xwave force password changes every 30 days.
12. Locate the terminal where it is accessible to authorized personnel only.
13. Position the screen to minimize viewing by unauthorized persons who may be present when information is being retrieved.
14. Clear all accessed information from the screen immediately after obtaining it, to prevent unauthorized viewing of the data.
15. Printers should be positioned to prevent unauthorized persons from reading printouts.
16. Always remove all printouts from the printer.
17. You are prohibited from divulging any administrative data to another individual unless that individual is also authorized to use the data.
18. It is recognized that only designated offices may release administrative data to entities external to the University.