Access Control Policy - Exception Request Form

Policy Overview

Following guidance provided by the University System of Georgia and the University of Georgia Office of Information Security, Franklin College's access control standards specify that computing devices must be deployed with the least privileged access level necessary to perform essential work and research functions. In most cases, only user-level access is needed. To accommodate the limited cases where a higher level of access is required, we developed the following process to request an exception to our standard access control policy.

Purpose of the Exception Process

Responsibility for IT infrastructure, services, and security rests with the IT professionals in the college. IT professionals receive training on the prevention and resolution of security incidents. Delegating this responsibility to non-IT personnel necessitates a formal exception process. The purpose of the exception process is to 1) grant exceptions equitably across all units, 2) document who received an exception, and 3) establish clear accountability for security incidents.

Scope of Exceptions

Exceptions can be requested by faculty and staff. Exceptions for graduate students will only be considered if the student is employed by the department. Undergraduate students are not eligible for exceptions. Exceptions are granted for a single device per request. This process is applicable to network-connected devices.

Process for Requesting an Exception

  1. Consult with your local IT Professional about your specific needs or concerns. In many cases, your local IT Professional can recommend a strategy that will address your needs without necessitating an exception.

  2. If your IT Professional cannot accommodate your needs without granting an exception, confirm that you have the support of your unit head (or Associate Dean, if the requestor is a unit head), as the department will be required to accept responsibility for any potential security incidents on devices that you administer.

  3. Use the Request Service button to the right to start the exception request process. Once the request is submitted, the following approval levels are automatically requested. All approvals are required before an exception can be granted.
  • The Franklin OIT Client Services Manager will confirm the details submitted in the form, verify with the local IT Professional that a consultation has taken place and that the request cannot be accommodated in any other way, and document any related tickets or background information. If the Client Services Manager approves, the request will move to the next step.
  • The Unit Head will be asked to confirm that the exception request is supported by the department and that any data loss or associated costs incurred by a security incident originating from the device will be the department's responsibility to cover. If the Unit Head approves, the request will move to the next step.
  • The Franklin OIT Executive Director will confirm that supporting information is complete and all processes have been followed. If the Executive Director approves, the exception will be granted for the requestor on the indicated device for the requested duration. The local IT Professional will work directly with the requestor to provision the exception account.

Complete requests will be reviewed within 30 days of receipt; incomplete requests will be rejected.

 

Details

Service ID: 53208
Created: Thu 2/23/23 12:32 PM
Modified: Wed 6/14/23 12:19 PM