User Account Eligibility

Sul Ross State University has created this User Account Eligibility statement in order to clarify who can and is granted rights and access privileges to SRSU information technology resources.

SRSU automatically authorizes an SRSU user account for any individual with an official affiliation as an employee (faculty or staff), retiree or student. Accounts for other affiliations such as contractors, auditors, visiting faculty and other officials are created on an as-needed basis.

The following defines user account eligibility for Sul Ross State University. Exceptions may be requested by contacting the Chief Information Officer.

Upon activation, account holders are authorized access to resources based on their role.

General guidelines for what resources are available are as follows:

• Faculty (permanent, adjunct and emeritus), staff, and students have access to Microsoft 365 for file sharing, collaboration, email and calendaring.
• Access to services by any other groups, including contractors, auditors, visiting faculty and other officials, is evaluated on a case-by-case basis.

All inactive accounts will either be disabled or deleted (depending on the account type) based on the following account retention schedule once their association with SRSU ends.

1. Employees – Employee accounts are created automatically once the employment record indicates the individual is “hired.” The account is deleted from the system 30 days from day of termination. Once a designation ends or changes, all data associated with the account is no longer available to the individual.
2. Students – Student accounts are created at the point of acceptance to the university and remain valid for as long as the student has a record of enrollment in Banner. If a student has no such Banner activity during one long semester (fall or spring semesters), the account is deleted and all associated data is removed from SRSU systems and storage.
3. Others – on date specified by the sponsor.

• When an account is deactivated or removed from the system, all data associated with that account is also removed.
• All data stored on SRSU information technology resources remains the property of the university after an account is terminated.
• It is the responsibility of the affected department to ensure that all SRSU departmental data is not stored on an individual’s drive, but is stored on a shared drive or directory.  OIT recommends the use of Microsoft 365 for the storage of institutional data.
• All information is the property of SRSU and must not be removed unless specific permission has been given to do so and the data classification for that information has been considered before removing the data from SRSU. SRSU data that is classified as Sensitive or Confidential must not be removed from SRSU owned devices and should not be migrated to or stored on other systems. See the Data Classification Guide on the OIT website for more information on how to determine classification for data and who has the authority to do so.
• SRSU cannot guarantee recovery of individual files. Retrieval is dependent on management approval and storage capacity.
• Users may contact the Helpdesk at (432) 837-8888 or email ltac@sulross.edu for help on removing or deleting data from SRSU property.

Third-party accounts, including contractors, auditors, visiting faculty and other officials, are termed accounts that must be requested and sponsored by a current faculty or staff member. The sponsor specifies an initial desired expiration date of one year or less as part of the request. Specifics pertaining to these accounts are:

a. Sponsors must request that third-party accounts be deactivated when the account holder no longer requires account privileges or has completed the SRSU work for which an account was required.
b. The sponsor requests a third-party account by submitting a request through LTAC on behalf of the individual seeking an account. The sponsor’s eligibility is verified (i.e. their status as current SRSU staff or faculty).
c. The sponsor is expected to remain in contact with the account holder to assess whether the account should be extended or not.
d. Without a request from the sponsor to extend the account beyond the expiration date, the account is automatically deactivated upon expiration.
e. The sponsor is responsible for taking reasonable steps to ensure that the user account holder uses their account in accordance with SRSU policies. If there are any problems with a third-party account, OIT will contact the sponsor.

Requests for exceptions to this policy must be submitted in writing to the Chief Information Officer and are reviewed on a case by case basis. Requests shall be justified, documented, and communicated as part of the risk assessment process.