Standard Practices for Network IDs, Email Accounts, and Other Online Access

Department directors may wish to consider protecting University data, documents, and other information assets in the following ways when a faculty, staff, or temporary employee leaves the University.

Email Identity and Account Management for assistance in coordinating these changes.

Use of email, web publishing, and access to files: Employees are granted use of their NetIDs for one year after their termination dates. Retirees and emeriti generally keep their NetIDs for life. One's NetID provides access to email, file storage (individual and departmental), calendars, web publishing, myUVM, Footprints, software downloads, and other resources. The Computer, Communication, and Network Technology Acceptable Use (PDF) policy gives department heads the authority to terminate accounts at any time after an employee leaves (see item 3(f)). The same policy allows department heads to request access to terminated employee's files, email, and computers, and gives department heads responsibility for copying needed work-related files before the employee's account is removed from the system. Requests should be sent to the Vice President for Executive Operations & Chief of Staff. Department heads may wish to consult with the Information Security Officer before making a request.

Access to information systems: Termination automatically triggers the removal of access to PeopleSoft and Banner SIS, while Blackboard access is controlled by enrollment status; no explicit action is required for these systems. Access to Campus File Services (home and shared drives) remains in place for 21 days after termination, unless a department head requests earlier termination. Department heads should request that accounts on systems for which access is not based on NetID, or from which removal is not automatically triggered by termination, be disabled or removed by contacting the responsible system administrator. Systems include Resource 25, WebXtender, Listserv, Kronos, FAMIS, SharePoint, and applications managed within a college, school, or department. (FAMIS access removal will be automated in the future.)

Passwords to any shared accounts or computers: Whenever someone leaves a job, passwords to shared resources, including passwords known by others, should be changed. Employees with information technology responsibilities may know passwords for servers, information systems, and networks; those passwords must be changed. Doing so also protects the former employee from any accusation of responsibility for improper system use.

Access based on group membership or Exchange privileges: Because employees generally keep their NetIDs for one year after termination, care must be taken to remove access rights and other privileges that are driven by membership in security groups. Groups are most commonly used for access to files on and Active Directory (Campus File Services). Employees may also have access to shared mailboxes or calendars through the delegation of Exchange rights. Department heads should request the removal of terminating employees from any group that isn't automatically tied to employees' roles or employment status.

External systems: Sometimes people have authority (usernames and passwords) for external systems, such as University financial accounts. Departments should work with external system managers to change those usernames and passwords.

Voicemail: Departments may wish to assign other employees to check former employees' voicemail, or to change greetings or referral extensions. Telecommunications & Network Services can change voicemail passwords or remove voicemail service.

Workstations: Departments should change passwords to desktop and laptop computers, and copy to secure network storage any needed documents stored on terminating employee's computers (see "Use of email, web publishing, and access to files" above for the request and authorization process). Department heads should take possession of computers assigned to terminating employees. If a termination agreement allows the employee to keep a computer its hard drive must be securely cleansed of all software and files; the computer's original operating system may be reinstalled.

Email autoresponses: Short of terminating employees' NetIDs, departments may want to ask former employees to put up an automated response for their email accounts directing people to resend UVM business to another employee or to a departmental email address. The autoresponse can be done with or without forwarding email elsewhere; coordination with the former employee is key.

For more information, contact Identity and Account Management.