II-2a Alumni Email Account Policy

Overview

Version 0.5
Last Revision Date: March 22, 2018
Approval Date: Draft for Review and comment Approval Authority: Chief Information Security Officer

Purpose

Case Western Reserve University has historically extended email account privileges to qualified CWRU alumni after graduation. This privilege also included all services within the Google Suite(formerly called Google Applications for Education). This situation has created risk to the university information when employees, who are also alumni of CWRU, leave the university’s employment and may retain access to university business related information resources and communications post employment. This policy addresses the risk of disclosure or modification of university information by non-employees.

Scope:

This policy applies to all alumni account holders who are current, or former, employees of the university.

Coordination with Other Policies and Procedures

The CWRU Alumni Account Policy is closely aligned with these policies

Policy I-1 Acceptable Use Policy

Policy II-2 Case Network Account Closure Policy

Policy III-1 Information Types and Sensitivity

Policy III-1d Controls- Protecting Internal Use Information Systems

Cancellation:

Not applicable.

Policy Statement

General

The university extends email privileges to all qualified alumni. Because CWRU uses the Google Suite for delivery of email services, other useful Google services are also part of the alumni privileges, including Calendar, Contacts, Drive, Sites, Groups, Meet, Photos, YouTube, to name a few. When that alumnus is also a former employee, employment related business information in any of these applications that would be available to that former employee.

Policy

  1. The university will no longer extend alumni email account access to former employees.
    • Newly hired employees who are CWRU alumni will be advised upon hire to export their Google Suite data before they become fully involved in university operations.
    • Current employees who are also CWRU alumni will be addressed on a risk basis when they leave CWRU employment.
  2. University employees who engage in educational benefits while an employee may become alumni, but also will have no post-employment email/Google Suite services.
  3. University Identity Management systems will no longer show concurrent staff/alumnus or faculty/alumnus role.

Responsibility

University Technology (UTech): Implement technical controls to ensure automated provisioning of email access via role.

Information Security Analyst (ISO): Monitor risk to terminated employees access to information systems post-employment.

Definitions

Staff: An employee of the university, including faculty, staff, or contractor.

Alumnus: A person who has completed a degree program and has been granted a degree, such as a bachelors, masters, or doctorate degrees.

Standards Review Cycle

This standard will be reviewed every three years on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.