Removing privileged access from temporarily unused Computing staff account

Notes

When an individual is not routinely using their account, they are less likely to spot any suspicious behaviour relating to their account. This could commonly happen when an individual is absent from work for a prolonged period for whatever reason, be it paid or sick leave for example. All members of the Computing staff have privileged access to most School systems to perform their duties. The combination of privileged access and intermittent account usage presents a raised security risk to the University. This policy aims to reduce this security risk.

Policy

Whenever a member of Computing staff is on leave of absence for more than four weeks contiguously, for whatever reason, any elevated privileges associated with their account will be temporarily withdrawn (typically at the outset of the absence) until the individual returns to work. This proposal should apply to all School systems, and ideally all University systems although implementing it for the University systems would present challenges where possible to do so. Line managers are obliged to inform the Head of Computing of any planned absence period of more than four weeks or when a member of staff has been on unplanned leave for four weeks. This policy is at the discretion of the Head of Computing.

Non-exhaustive examples of elevated privileges:

• root or admin access
• ability to enable root or admin access
• ability to modify the security of a system
• access to systems holding confidential data

Equality and diversity implications

Special consideration may be required during any period of parental leave.