Description

The university allows only authorized personnel to perform maintenance on university information resources.

Applicability

  • The owner of an information resource, or designee, is responsible for implementing this Control.

Implementation

  • 1

    It is the responsibility of the information resource owner, or designee to:

    • 1.1

      Establish a process for maintenance personnel authorization;

    • 1.2

      Ensure that non-escorted personnel performing maintenance on the university information resource have required access authorizations; and

    • 1.3

      Designate university personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.