Dormant Account & Audit Guidelines
Purpose
As an active member of the BGSU community users are provided with a BGSU Account that provides access to several services including MyBGSU, BGSU email, Canvas and OneDrive along with many other services. BGSU also provides access to other services/applications that are not automatically provisioned for which users can sign up using their BGSU credentials. Examples include services such as BGSU blogs, SharePoint, ListServs, Bridge Content Creator, and shared office email accounts.
These additional accounts are often useful to serve business, academic, and personal needs; however, they should be closed once they are no longer needed. Keeping unnecessary accounts open exposes BGSU to security risks like phishing attacks and makes coordination of patches/upgrades more difficult and time consuming, leading to an overall decrease in IT efficiency.
The Dormant Account & Audit Guidelines outline ITS’ process for identifying, communicating with, and cleaning up those additional accounts no longer needed/in use.
Definitions
These definitions apply to the Dormant Account & Audit Guidelines only.
Account refers to additional access and/or privileges that allow for administration or creation of content (such as a blog, email Listserv, or SharePoint site) by an individual BGSU affiliated user.
Audit is the process for reviewing a system for dormant or orphaned accounts.
Dormant account is an account with no activity for over 12 months.
Orphaned account is an account with no active BGSU account owner.
Account clean-up is the act of permanently deleting an account no longer in use as a result of being dormant or orphaned.
Procedure
ITS conducts audits to identify dormant or orphaned accounts.
If an account is determined to be dormant, ITS will notify the account owner(s) of this status and will clean up the account if no action occurs within 4 weeks. All communication will be conducted via email.
If an account is determined to be orphaned and associated with a BGSU department, ITS will attempt to contact the department to identify a new owner. It will be indicated that if no action occurs within 4 weeks the account will be cleaned up. If the orphaned account is not associated with a department and due diligence does not produce an alternative owner, the account will be cleaned up.
After making an initial contact attempt and allowing a minimum of 4 weeks for action, ITS will clean up all accounts that remain dormant or orphaned.
ITS will attempt to take into consideration users with work schedules around the academic year.
Applicable Services (include, but are not limited to):
Blogs – blogs.bgsu.edu
SharePoint
ListServ
Bridge Content Creator
Etc.
Updated: 06/23/2023 11:04AM