Policies and Guidelines

Individual Accountability

Purpose

To ensure that any file/date modifying activity occurring on a University of Houston corporate computer system is traceable to the individual initiating it.

Scope

All shareable corporate computer systems under the control of the University of Houston.

Standard

A procedure will be in place for all computer systems to ensure that an individual uniquely identify himself/herself before gaining access to any computing resources.

Guidelines
  1. Automated identification processes should involve providing the system with both a user identification and a confidential password.
  2. All actions, either on-line or batch should be fully auditable to an individual.
  3. This policy applies to activities by users and programmers.
  4. Procedures are actively enforced to ensure that user I.D.s and passwords are removed from the system whenever that person is transferred to another position or leaves the organization.
  5. Sign-on software does not allow one user to be signed on to more than one terminal. Exceptions may be allowed upon written permission of Support Services and the employee's manager.
  6. If a decentralized administration approach is used, the ISO has the ongoing responsibility to ensure that these users actively comply with University of Houston policies and procedures regarding user I.D. administration.