Information Access Control Policy

PRINT DISCLAIMER: Official version of this document is accessible in the online policy library at https://policyoffice.ku.edu/. Printed copies may not reflect the most recent updates.

DOCUMENT TYPE:

Policy

PURPOSE:

To ensure the security and integrity of university data and information assets as well as safeguard the information of its constituents. All Kansas University technology resources will adhere to a uniform access control standard and framework.

APPLIES TO:

University employees (faculty, staff, and student employees), students, and other covered individuals (e.g., affiliates, vendors, independent contractors, etc.) in their access to University resources and software applications during the course of conducting University business (administrative, financial, teaching, research, or service).

CAMPUS:

Lawrence

POLICY STATEMENT:

All devices and software applications that are connecting to the University network shall provide user authentication and access control via the approved Kansas University Access Control Procedures only. Validation of identity management protocols resides with the KU Information Technology Security Office.

EXCLUSIONS OR SPECIAL CIRCUMSTANCES:

Exceptions to this Policy and associated Procedures shall only be allowed if previously approved by the KU Information Technology Security Office and this approval is documented and verified by the Chief Information Officer.

CONSEQUENCES:

Faculty, staff, and student employees who violate this University policy may be subject to disciplinary action for misconduct and/or performance based on the administrative process appropriate to their employment.

Students who violate this University policy may be subject to proceedings for non-academic misconduct based on their student status.

Faculty, staff, student employees, and students may also be subject to the discontinuance of specified information technology services based on the policy violation.

CONTACT:

Office of the Chief Information Officer
1001 Sunnyside Avenue 
Lawrence, KS 66045
785-864-4999
kucio@ku.edu

APPROVED BY:

Provost and Executive Vice Chancellor

APPROVED ON:

2009-04-14 

EFFECTIVE ON:

2009-07-01 

REVIEW CYCLE:

Annual (As Needed)

RELATED STATUTES, REGULATIONS, AND/OR POLICIES:

Access Control Procedures (currently in development)

Data Classification and Handling Procedures Guide

Student Records Policy

Information Technology Security Policy

E-Commerce Policy

Password Policy

Acceptable Use of Electronic Information Resources

Procedures for Investigative Contact by Law Enforcement

Electronic Mail (Email) Policy

Gramm-Leach-Bliley Student Financial Information Security Program

RELATED OTHER:

Laws:

Family Educational Rights and Privacy Act (FERPA), 20 USC §1232g (1974)

Health Insurance Portability and Accountability Act (HIPAA), P.L. 104-191(1996)

Gramm-Leach-Bliley Financial Services Modernization Act (GLB) P.L. 106-102, 113 Stat. 1338 (1999)

Kansas Open Records Act, K.S.A. §45-215 et. seq.

CHANGE HISTORY:

03/26/2025: Migration to TeamDynamix from Drupal.
10/11/2024: Updated broken links.
01/26/2022: Updated contact section.

Was this helpful?
0 reviews
Print Article

Related Articles (13)

Acceptable Use of Electronic Information Resources
This policy outlines the expectations for the use of electronic information resources at the University of Kansas.
Data Center and Server Room Policy
The purpose of the Data Center and Server Room Policy is to describe the minimum requirements for designing, installing, securing, monitoring, maintaining, protecting, and decommissioning a data center or server room at the University of Kansas.
Data Center and Server Room Standards
The purpose of the Data Center and Server Room Standards is to describe the minimum requirements for designing, installing, securing, monitoring, maintaining, protecting, and decommissioning a data center or server room at the University of Kansas.
Data Classification and Handling Procedures Guide
This Procedures Guide for the University community was created to help you effectively manage information in your daily mission-related activities. Determining how to protect & handle information depends on a consideration of the information’s type, importance, and usage. These procedures outline the minimum level of protection necessary when performing certain activities, based on the classification of the information being handled. Classification is necessary to understand which security p
E-commerce Policy
To provide the requirements for processing e-commerce transactions and any acceptance of credit card payments by administering entities for the University of Kansas Lawrence campus and its reporting units; to establish protocols to reduce the risk of exposure of cardholders’ personal financial information when such information is processed electronically through an e-commerce transaction; and to subject all e-commerce transactions to mandatory compliance with the Payment Card Industry (PCI) Data
Electronic Mail Policy
To define appropriate use of electronic mail in the University
Gramm-Leach-Bliley Student Financial Information Security Program
This document outlines the University of Kansas, Lawrence, program to protect critical information and data and to comply with Federal Law[1] on student financial information. The goal of this document is to define the University's Gramm Leach Bliley (GLB) Student Financial Information Security Program, to provide an outline to assure ongoing compliance with federal regulations related to the Program and to enhance the University’s ability to respond to likely future privacy and security regulat
Information Technology Security Policy
This Information Security Policy (“Policy”) defines the security requirements that everyone who works or studies at KU Lawrence campus and all reporting units is expected to be familiar with and consistently follow. These security measures are set forth to avoid problems that affect the Confidentiality, Integrity, and Availability of information and systems at the University.
Investigative Contact by Law Enforcement, Policy and Procedures
To assist University faculty and staff in responding to investigative contact by law enforcement officials.
Password Policy
The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of password change.
Student Records Policy
This policy is intended to inform students of their rights and responsibilities pertaining to their university records, in compliance with federal notification requirements; to reflect the University's responsibility; to protect the privacy of student records; and to articulate definitions relating to student records, how they may be accessed and disclosed, the complaint procedure and other information relevant to the student record.
Systems Development Life Cycle (SDLC) Policy
The purpose of the Systems Development Life Cycle (SDLC) Policy is to describe the requirements for developing and/or implementing new software and systems at the University of Kansas and to ensure that all development work is compliant as it relates to any and all regulatory, statutory, federal, and /or state guidelines.
Systems Development Life Cycle (SDLC) Standard
The purpose of the Systems Development Life Cycle (SDLC) Standards is to describe the minimum required phases and considerations for developing and/or implementing new software and systems at the University of Kansas.