302: User Specific Policies

Information Security Policies & Procedures Manual
Section 300: User and Personal Information Security
Effective: 01/11/2010

Purpose

The purpose of this section is to outline existing OSU User specific policies which fulfill OSU’s obligations under the OUS Information Security Policy.

Policies and Procedures

 

302-01 Acceptable Use Policy (AUP)

OSU maintains the Acceptable Use of University Computing Resources as part of the General Policies of the institution with the official and current copy residing at http://oregonstate.edu/aup.htm .  As stated in the AUP, it applies to “all users of university computing resources, whether affiliated with the University or not, and to all use of those resources, whether on campus or from remote locations. Additional policies may apply to computing resources provided or operated by individual units of the University or to uses within specific units.”  Acknowledgement of this policy and agreement to abide by it are part of the account activation process for all central computer systems.

 

302-02 Security Sensitive Personnel

OSU maintains a policy regarding criminal background checks for Security Sensitive Personnel in compliance with Oregon Administrative Rules and as part of the Office of Human Resources Policy and Procedure Manual.

 

302-03 Account Management

OSU creates system accounts, referred to as OSU Network ID (or ONID), for general access to OSU centralized resources.  These accounts are generated and disabled programmatically based on information stored in the Student and Human Resources Information Systems about current status as employee or student.  Accounts local to a specific system are defined by the department which manages the system.  In the case of the Banner Human Resources, Student, and Financial Information System, accounts are authorized and revoked in accordance with parameters set by the appropriate Records Custodian.