Date of Last Review 6/6/08
SME: Director of Management Information Systems


Security Request for all Applications


Policy

All computer and application password request will follow the procedures mentioned below to ensure appropriate access is given to meet the user’s specific job function/s.


Procedure

1. Password request procedures:
  a. Orientation:
   
  • All new employees will go to orientation.
  b. Electronic DPSRs
   
  • Fill out DPSR and submit request
   
  • List name of users
   
  • List application/s the user will need access to and what functions/features the user will utilize in the application
   
  • If these items are not filled completely in, return DPSR form back to the Department
  c. Training:
   
  • All employees will go to training before acquiring passwords.
   
  • All employees will fill out a Security agreement and return the signed copy to HR to be placed in employess personnel file.
  d. Pick-up:
   
  • User will need to come down to MIS and show appropriate identification to pick-up their ID and password
  • User will be provided with a unique user ID and strong password provided by UT’s electronic system
  • System administrator will provide unique user ID and strong password if system does not interface with UT’s LDAP or Active Directory system.
  e. Deletions:
   
  • After two weeks the user does not pick up their ID and password it will be shredded and deleted from the system. Existing users that have left the company are disabled in the systems.
  f. Vendor Access
   
  • All vendor access is disabled
   
  • Vendor must call and send e-mail requesting access
   
  • Vendor must state purpose for needing access
   
  • E-mail will be saved and documented in a log
   
  • Once vendor is done, access is disabled
   
  • Log is maintained in MIS department
   
  • Log is reviewed by system administrator
  g. Reset Passwords
   
  • User must provide name, phone and dept.
   
  • Call user back after several minutes to verify person
   
  • Reset password
   
  • Then send e-mail to user notifying change (do not send password)
   
  • Passwords are automatically reset/changed after 90 days
   
  • Use UT’s LDAP security process for strong passwords.
   

Requests by orientation group will not be accepted.

 
2. Password Cancellation
  a. Employee transfer/termination:
   
  • It’s the department manager/supervisor responsibility to inform MIS of an employee transfer/termination from their department.
   
  • PA list is compared to all systems to ensure those users accounts are disabled in the system.
3. Multiple Logins
   
 
  • IM Steering Committee agreed the HCPC residents and PHP doctors are authorized to have three multiple logins to support patient care due to high rate of patients and mobility. The doctors are encouraged to log off first before moving on to another computer.
   
4. Review user rights
 
 
  • On a quarterly basis departments send departmental lists of users and the systems they should have access to. The rights/access is reviewed by system administrator.
   
5. Siemens
 
 
  • Siemens and Zivata security requests are governed by their policy for system access
   
6 Violations
   
 
  • Violations are detected using the Information Technology Security Procedure
 
Director of MIS
UT-HCPC

 

Related standards

Texas Administrative Code Chapter 202

The Joint Commission : Management of Information

 

 

 

 

If you have questions regarding the content of this site please contact the Policy and Procedure Committee. If you experience any technical problems please contact the MIS Department.