Policies and Guidelines
Controlling Access to Information
Last Updated: December 12, 2008
Reviewed: January 8, 2010
Purpose
To ensure the confidentiality, integrity, and availability of its information resources, a department must have a strategy for controlling access to information through owner identification and user authentication.
Scope
Departmental management and technology staff.
Process Overview
- Identify and establish data owners.
- Identify the user groups who need access to the data controlled by each data owner.
- Data owners identify the privileges to be granted to each group of users.
- Each computer user is required to have a unique logon ID and strong password.
- Each computer user acquires access to information through assignment to one or more user groups.
References
Texas Administrative Code (TAC) 202.7, Section C: "Management and Staff Responsibilities"
TAC, 202.7, Sections A, B, C: "Information Resources Security Safeguards"
IT Security Manual: "Data and Software Access Control"
IT Security Manual: "Information Ownership"
IT Security Manual: "Password Control"
IT Reference Guide: "Logical Security: Confidential Information and Logical Security"
IT Security Manual: "Logical Security: Local System Protection, Firewalls"
IT Support Standards: "Data Security"
IT Support Standards: "Password Use and Computer Account Security"