Revision History

Policy Name: Account Management Policy
Policy Owner: Information Technology
Policy Approver(s): Vice President’s Council
Version Number: 1.0

Effective Date: February 01, 2024
Last Reviewed/Approved Date: February 01, 2024
Next Scheduled Review Date: February 01, 2025
Policy Type: Campus-Wide

1.0 Purpose

Elon accounts (computer / network / email accounts) provide access and accountability for university information resource usage. The creation, control, and monitoring of all Elon accounts is crucial to giving members of the Elon community secure access to Elon University electronic resources.

2.0 Scope

This policy applies to all individuals with authorized access to any university electronic information resources.

3.0 Definitions

Availability: characteristic of the information by which authorized persons can access it when it is needed.

Confidentiality: characteristic of the information by which it is available only to authorized persons or systems.

Confidential Information: includes data and information regulated by state, federal, or international laws, any data and information regulated by the Payment Card Industry, and any Elon data and information that is not considered public.

Elon Assets: 

  • Any equipment that is used in the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, including printers, storage devices, computers, computer equipment, network equipment and systems and phone equipment and systems.
  • Any software or technology system used to store, transmit, process, create, or present information or data for university use.
  • Any data or information used by Elon community members while doing business for and on behalf of Elon University. Elon Account (Network Account / Computer Account): The user ID used to access a computer, technology resource or any information resource maintained in electronic or digital format within the Elon domain.

Elon Data: any information resource that is maintained in electronic or digital format. Data may be accessed, searched, or retrieved via electronic networks or other electronic data processing technologies.

Employee: For this policy, the term “employee” refers to any person hired by the University and/or provided credentials that give them access to Elon’s data, information, or technology assets.

Information Security: preservation of confidentiality, integrity, and availability of information.

Information Security Program: a segment of management processes that addresses the planning, implementation, maintenance, monitoring, and improving information security within the University.

Integrity: characteristic of the information by which it is changed only by authorized persons or systems in an allowed way.

Student: For this policy, the term “student” refers to any person who is registered for or currently enrolled in classes at the University or has confirmed intent to enroll, and has been provided credentials that give them access to Elon’s data, information, or technology assets.

4.0 Responsibilities

  • Elon Senior Leadership (University President and members of Senior Staff) are responsible for ensuring the availability of resources to adequately protect Elon Facilities, Elon Assets, Confidential Information and Elon Data and promoting campus-wide compliance to all University and security policies, as well as regulatory and contractual requirements.
  • Associate Vice President of Information Technology and Chief Information Officer is responsible for ensuring Elon’s Information Security Program is effective and is governed appropriately.
  • Director of Information Security is responsible for designing and implementing the Written Information Security Program that aligns with the University’s goals and objectives, addresses the security needs of the organization, and reduces potential risk to Elon Assets, Confidential Information, and Elon Data to an acceptable level.
  • Supervisors / Department Heads / Managers are responsible for promoting security awareness within their department and ensuring their direct reports have read and understand the University’s policies. Managers, department heads, and supervisors are also responsible for ensuring their direct reports receive appropriate information security awareness training so they may fulfill their security and compliance-related responsibilities.
  • Elon Community Members should read and understand this policy. In addition, Elon Community members have a responsibility to:
    • Protect Elon Data and Confidential Information within their control from unauthorized access, modification, destruction, and disclosure.
    • Recognize and report cyber-related threats against the University and Elon assets.
    • Immediately report any security violation to their supervisor, department head, or Campus Safety and Police.
    • Attend appropriate University information security awareness training annually or as assigned.

5.0 Policy Statements

  • All faculty, staff, and non-paid staff Elon accounts are automatically created once the appropriate Human Resources forms and onboarding processes are complete.
  • All student accounts are automatically created once the appropriate Admissions and Registrar forms and onboarding processes are complete.
  • All Elon Accounts must be uniquely identifiable with an assigned username. All default passwords for Elon Accounts will be constructed in accordance with Microsoft’s Strong Password requirements and Elon University Password Standards.
  • The following individuals are eligible to obtain at least one Elon account:
    • Student applicants;
    • Currently enrolled students;
    • Current Faculty and Staff;
    • Emeritus Faculty/Staff;
    • Retirees;
    • Spouses & Dependents;
    • Non-paid staff (individuals who work on campus or are affiliated with Elon but are not paid by the university, includes volunteers, visiting professors, contractors, some religious life staff, and volunteer coaches); and
    • Departments and organizations (group/shared accounts)
  • Individuals may have multiple Elon Accounts assigned to them. The type of account for which an individual is eligible will be based on the individual’s primary role in association with the University.
  • In rare circumstances, “Shared” or “Departmental” accounts (those assigned to and used by members of an organization) will be created in support of activities directly associated with university functions.
  • When faculty or staff members resign or are terminated, their accounts are disabled immediately after their last day of work and then deleted after one hundred eighty (180) days. Any exception to this policy statement must be approved in writing by Human Resources via the Termination Access Extension Request process.
  • All Elon accounts, regardless of affiliation, will be disabled after 365 days of inactivity and deleted after 180 in disabled status.
  • If the relevant university office (e.g., Vice President of Student Life, Vice President of Academic Affairs, Human Resources, Chief Information Officer, etc.) determines that an Elon account abuse necessitates loss of computing account privileges, accounts are disabled immediately. For more information, please see the Acceptable Usage Policy.
  • Access to vendor, service provider, and partner accounts will be enabled only during the time period needed and disabled when not in use. All vendor accounts will be monitored when in use.
  • Repeated access attempts will be limited by locking out the user ID after six unsuccessful attempts.
  • Lockout duration will be set to a minimum of 30 minutes or until an administrator enables the user ID.
  • If a computer/network session has been idle for more than 30 minutes, the user will be required to re-authenticate to re-activate the terminal or session.
  • Generic accounts are permitted if approved by the department head and Information Security. Generic accounts will not be approved for any devices or systems that access confidential data or information.  However, if a generic account is assigned to an individual, a mechanism must be in place to ensure only that individual uses the generic account during their employment.

6.0 Sanctions

Sanctions for policy violation or inappropriate use of Elon Facilities, Assets, or Data may include, but are not limited to:

  • temporary or permanent revocation of access to some or all computing, networking, and other technology resources;
  • disciplinary action according to applicable University policies; and /or
  • legal action according to applicable laws and contractual agreements.

Individuals concerned about any violation of this policy are encouraged to contact the Associate Vice President of Information Technology/CIO or the Vice President for Finance and Administration/CFO. Individuals can also report suspected policy violations to infosec@elon.edu.