Effective Date: September 6, 2017 *
Last Reviewed: September 6, 2017


Purpose

This policy defines eligibility for user accounts that enable access to the Stonehill College network, information resources and applications. It also provides guidelines for the creation and termination of these accounts.

Scope

This policy applies to all Stonehill College employees including, but not limited to, staff and faculty, and any other individuals working for or acting as an agent or representative of the College. This policy also applies to current Stonehill College students, Emeritus(a) faculty/staff, and affiliates of the College. Additionally, this policy applies to vendors under contract with Stonehill College that require access to the College’s network and/or technology resources to provide service.

Policy

User accounts are provided based on the role of an individual relative to Stonehill College. Accounts are used to conduct College business, to communicate, and to enable access to resources for teaching and learning. Accounts which enable access to view and change college information systems require authorization through an Account Request for access to each specific application. Eligibility for accounts and procedures for account expiration are detailed below.

Definitions

Stonehill account

The Stonehill account is created in the MS Active Directory and is the primary source of authentication for various applications and services, including the campus network, VPN, email, Office 365 applications, the portal, and the learning management system.

Application security

Application security consists of an individual user account with role-based access to view or update data in College information systems. Security is established for a specific information system through an Account Request with authorization from the department head and the appropriate information custodian.

Procedures

Staff

A Stonehill account and a mailbox are created for all staff upon notification of employment to the IT Service Desk from Human Resources. Staff are eligible for application security with appropriate authorization based on their job function.

When a staff member is terminated involuntarily, all accounts for that employee are terminated immediately upon notification to the IT Service Desk from Human Resources. When a staff member resigns their position, all accounts are terminated within a day of the employees last day of employment based on information provided from Human Resources. Requests for exceptions to these limits must be sent in an email to the IT Service Desk from the department’s Division Head.

Accounts for Emeritus(a) staff may be continued upon written notification sent in an email to the IT Service Desk from the Office of the President.

Faculty

Stonehill accounts and mailboxes are created for all full time and part time faculty upon notification of employment to the IT Service Desk from Human Resources. Faculty are eligible for application security with appropriate authorization based on their specific roles.

When a faculty member is terminated involuntarily, all accounts for that faculty member are terminated immediately upon notification to the IT Service Desk from Human Resources. When a faculty member resigns their position, authorized application access will be terminated two weeks after the close of final grades for their last semester. Faculty will retain access to email and applications provisioned based on the role of faculty until either November 1st or April 1st , whichever comes first after their last semester. Extended access is provided to communicate with students and respond to grading issues. Requests for exceptions to these limits must be in writing from the Provost.

Accounts for part time faculty will be reviewed at the end of each semester, in January and June. Human Resources, working with the Office of the Provost, will notify the IT Service Desk to terminate accounts for part time faculty whose employment will not be continued. The account will be terminated upon notification if more than one semester has passed since the adjunct taught. Otherwise, it will follow the termination process specified above for faculty.

Accounts for Emeritus(a) faculty may be continued upon written notification sent in an email to the IT Service Desk from the Provost.

Students

Stonehill accounts are created for all new students who pay a deposit after receiving an admissions acceptance. Email accounts are also created at that time.

Student employees are eligible for application security with appropriate authorization based on their job function. Application security for student employees will be established through an Account Request with authorization from the department head and the appropriate information custodian. Department heads are responsible for review of application security for their student employees at the end of each semester.

Stonehill accounts are terminated on November 1st and March 1 st for students who have withdrawn or left the college, excluding students on an official leave of absence. Accounts for students who graduate in a given academic year are terminated on or about August 15th, approximately 3 months after Commencement.

Affiliates

Accounts for personnel who are not employed by Stonehill College are created based on receipt of an authorized Account Request. Generally these accounts are provided for third party service providers with specific application access requirements and affiliates with a specific relationship to Stonehill College. These accounts may be established with a defined expiration date provided by the department head.

Department heads are responsible for notifying the IT Service Desk immediately if the account is no longer required. Department heads are also responsible for responding twice a year, on January 2nd and June 1st, to a request from the IT Service Desk to renew the account. Accounts are terminated within 15 days of the request if the department head indicates the accounts are no longer require or the department head does not respond.

Vendors

Accounts that must be established for a vendor, and not for an individual, are created based on receipt of an authorized Account Request. Generally these accounts are provided for third party service providers with specific access requirements, typically involving support for College systems. The Account Request must specify the exact need and the account will be specifically secured according to those requirements. Whenever possible, these accounts should be established with a defined expiration date provided by the department head or disabled after each use.

Department heads are responsible for notifying the IT Service Desk immediately if the account is no longer required. Department heads are also responsible for responding twice a year, on January 2nd and June 1st, to a request from the IT Service Desk to renew the account. Accounts are terminated within 15 days of the request if the department head indicates the accounts are no longer require or the department head does not respond.

User Responsibility

Each user is responsible for moving personal files and email to alternate accounts or media prior to the termination of their Stonehill account. Staff and faculty are responsible to turn over to their supervisor any College related files or email communications that are needed by their department or important to ongoing operations and to transfer relevant electronic records to the College Archives. Staff or faculty who retire and want to continue to receive email correspondence from the College are responsible for providing a personal email address to the Office of Human Resources.

Department Head Responsibility

Department heads are responsible for notifying the IT Service Desk of changes in the job functions of any of their employees that would cause their application security to change or be terminated. Department heads are also responsible to ensure that supervisors work with departing staff and faculty to retain any College related files or email communications that are needed by their department or important to ongoing operations.

Division Head Responsibility

Division Heads are responsible for notifying the IT Service Desk in writing to request exceptions to this policy. Division Heads may also request that accounts for specified employees be disabled and specify an away message for their mailbox to alert external constituents of an employee change. The away message and account will remain active for a two week period.

Exceptions

Stonehill College reserves the right to make exceptions to this policy on an individual basis when it is determined to be in the best interest of the College. All exceptions must be authorized in advance in writing by the department’s Division Head.

* A scrivener’s error was detected on May 15, 2019. This is the corrected version.