Main Nav

We have been discussing student worker access management and policy. In combing the Educause lists, there has been some discussion in the past. Common points of agreement appear to be: (1) student workers should have a worker ID separate from their regular student ID; (2) they should generally not have access to sensitive information; and (3) they should sign a confidentiality agreement. Does anyone have any policies that directly address student IT worker limitations and requirements? One specific point...are there any stipulations on student worker access to administrative or faculty computers (e.g. upgrades, maintenance, etc.)?

Thanks!

--
Kent King
Information Security Officer
Denison University
740.587.8558

********** Visit the EDUCAUSE Policy website at http://www.educause.edu/policy.

Comments

Well I, for one, would disagree with your perceived common points of agreement. 

 

We subscribe to the “one NetID per person” Identity Management model, regardless of affiliation (e.g., student, faculty, staff, etc.).  We assign permissions to roles, and roles to NetID’s.   An individual can have more than one concurrent affiliation (e.g., both a student and a staff member).  It isn’t always clear which affiliation should be considered “primary” and with our model, we don’t care.

 

We also have students in positions of trust with authorized access to confidential information  (e.g., teaching assistants with access to other students’ grades, research assistants with access to confidential research data, student tech support staff, etc.).   We strongly encourage the use of confidentiality agreements with all employees, students and  otherwise. 

 

Bottom line – we don’t restrict access solely on the basis of one’s status as a student, a staff employee, a faculty member, at least not at the institutional level.  Individual departments are free to do so if in their best interest.  At the institutional level, the same access policies and restrictions apply to each and every NetID owner, regardless of affiliation. 

 

FWIW,

Don

 

______________________________________________

 

Don Volz

Special Asst to the VPIT

Texas State University

Email: don.volz@txstate.edu

Voice: 512-245-9650

FAX: 512-245-1226

 

Thanks Don....in retrospect, I should revise my point #1...the area of agreement seems to be accountability (i.e., <not> using shared accounts). Some institutions have separate IDs, but using separate accounts is likely not the common point of agreement.

Kent

Bob -

I definitely agree that learning to properly handle sensitive information is an important part of the educational process. There are some differences in the doctor's office comparison however....In the business world, there is a direct and painful recourse: you will be terminated. We certainly have some "hold" over the student workers, up to and including expulsion if necessary.

That is where I was going with this discussion....does anyone have policies that define this process; the definition of violations of trust and how they are handled?

Kent

We take a different approach.  A student worker is an employee, and is treated as any other employee.  If a background check/NDA is required due to the nature of the position, it is done.  The network ID is the same, but access provided to systems/resources is granted based on the requirements to do the job.  If access to sensitive data is required, they follow the same procedures and agree to any applicable policies as any other employee to gain access.  When they leave the position, access is removed.

 

___________________________________

Daniel V. O'Callaghan, Jr., MBA, CISSP, GCFA

Chief Information Security Officer

Sinclair Community College

444 W Third St, 13-000F

Dayton, OH 45402

937.512.2452

 

 

 

Comments inserted -

The violations are spelled out in high-level terms in our acceptable use policy (http://www.txstate.edu/effective/upps/upps-04-01-07.html ) which is referenced by many other resources (e.g., the student handbook http://www.dos.txstate.edu/handbook.html ).

 

We also provide a template Student Employee Confidentiality Agreement at http://security.vpit.txstate.edu/policies/template_non-disclosure_confidentiality.html  and we work with departments to customize it for their specific situations and environments.

 

Best,

Don

 

______________________________________________

 

Don Volz

Special Asst to the VPIT

Texas State University

Email: don.volz@txstate.edu

Voice: 512-245-9650

FAX: 512-245-1226

 

From: EDUCAUSE Policy Discussion Listserv [mailto:POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kent King
Sent: Friday, January 20, 2012 10:41 AM
To: POLICY-DISCUSSION@LISTSERV.EDUCAUSE.EDU
Subject: Re: [POLICY-DISCUSSION] Student Worker Policy

 

Bob -

I definitely agree that learning to properly handle sensitive information is an important part of the educational process. There are some differences in the doctor's office comparison however....In the business world, there is a direct and painful recourse: you will be terminated. We certainly have some "hold" over the student workers, up to and including expulsion if necessary.

That is where I was going with this discussion....does anyone have policies that define this process; the definition of violations of trust and how they are handled?

Kent

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.