Policy On User Account Creation, Modification, and Deletion - 1

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 2

USER ACCOUNT MANAGEMENT POLICY

ITU Policy User Account Management Policy

Document No ITD-POL-0002 Document Version 1.0

Created by Date Dec 14, 2020

Remarks Internal/for all employees, consultants and vendors

I. Introduction:

This policy addresses the creation, modification, and deletion of user accounts. and
the procedure of account management.

a. Parties involved in user account creation, modification, and deletion:


i. the end-user (employee, consultant, vendors) to whom the account will
be given custody
ii. the Manager of the end-user
iii. the Human Resources
iv. the Information Technology Department

II. Concerning User Creation

The following steps shall be followed to ensure timely and accurate user account
creation:

a. For employees, consultants or vendors:


i. The Manager completes the User Management (Appendix A) form as
soon as the hire is official. (The Type of Change would be new user.)

b. Human Resources (HR) must review and confirm the User Account
Request/Change.

III. Concerning User Modification

User modification is when a user account is changed in some way. Changes could
include the adding or removing of permissions to a particular resource, designation and
or capabilities.
The following steps shall be followed to ensure timely and accurate user account
modification:
1) The Manager completes the User Management (Appendix A) form.
(The Type of Change would be Modification.)

2) HR must review and confirm the User Account Request/Change.

IV. Concerning User Deletion

User deletion is when an account is no longer needed, possibly due to the end-
user employment or project.

The following steps shall be followed to ensure timely and accurate user account
deletion:

i) For employees:

a. If the employee is completely separated, the Manager completes the User


Management (Appendix A) form. The Manager must complete and send the
Access Deletion request to the ITU not less than five (5) days before the
employee’s separation date. (The Type of Change would be Deletion.)

As to Effective Date of employee separation:

a. the user account is removed from all employee groups and global address lists;
accounts for applications (such as Active Directory, AX, Operation systems,
Internal systems etc.);

b. All other IT resources are removed EXCEPT access to email account. The
password to the email must be changed.

c. After the backup of the email, the account can now be recycled by the ITU.

IV. Communication and Compliance

The ITD notifies the manager via email of the account modification and keeps a record
of permissions.

Any violation of this policy shall be meted with the corresponding penalties in
accordance with existing policies, rules and regulations.

You might also like