Body
Policy Overview
Following guidance provided by the University System of Georgia and the University of Georgia Office of Information Security, all Warnell School computing devices are deployed with the least privileged access level necessary perform essential work and research functions. In most cases, only user-level access is needed. To accommodate the limited cases where a higher level of access is required, we developed the following exception process.
Purpose
Responsibility for IT infrastructure, services, and security rests with the IT professionals in the college. IT professionals receive training on the prevention and resolution of security incidents. Delegating this responsibility to non-IT personnel necessitates a formal exception process. The purpose of the process:
1) Grant exceptions equitably across all units.
2) Document who received an exception.
3) Establish clear accountability for security incidents.
Scope
Exceptions can be requested by faculty and staff. Exceptions for graduate students will only be considered if the student is employed by the department. Undergraduate students are not eligible for exceptions. This process is applicable to network- connected devices.
Process for Requesting an Exception
1. Consult with your local IT Professional about your specific needs or concerns. In many cases, your local IT Professional can recommend a strategy that will address your needs without necessitating an exception.
2. If your IT Professional cannot accommodate your needs without granting an exception, confirm that you have the support of your unit head and accept responsibility for any potential security incidents on devices that you administer.
3. Fill out the exception request form, obtain signatures, and submit to the Warnell School Office of Information Technology. Complete requests will be reviewed within 30 days of receipt; incomplete requests will be returned.
Expectations
Please read each of the following statements and initial below to indicate your agreement:
- I agree to abide by and apply all IT policies and standards published here: https://TD Warnell Knowledge base
- I agree that the device will meet the following minimum standards required for all devices associated with Warnell:
- Where applicable, devices will be bound to UGA's Active Directory to maintain compliance with university user account standards.
- Warnell OIT will maintain administrative access to the device at all times.
- Warnell OIT will maintain tools for patch and policy compliance on the device at all times. These tools may include Microsoft Intune and ConnectWise.
- Additional information concerning each of these requirements is available in the Warnell OIT knowledge base: http://warnell KB
- I acknowledge I am assuming all risks and responsibilities associated with the administrative access that I am requesting and that the risks and responsibilities are no longer the responsibility of Warnell OIT or the Dean's Office.
- In the event of a security incident, I understand that my supervisor and I assume all risk, responsibility, and costs associated with data loss, data recovery, and damage to reputation associated with the security incidence.
- I understand that the occurrence of security incidents will result in the reevaluation of the administrative access that I have been granted as determined by the Dean's Office in consultation with the IT Executive Director and your supervisor.
- I acknowledge that receiving an exception will result in a lower service level from Warnell OIT since I will be handling all risks and responsibilities associated with administrative rights on computers that I administer.
- Warnell OIT will assign a medium priority to my requests including requests for incident mitigation, and Warnell OIT will respond during regular business hours as resources allow.
I agree with the statements above.