Policy AD80 IDENTITY AND ACCESS MANAGEMENT (IAM)

Policy Steward: Vice President for Administration

Contents:

  • Purpose
  • Scope
  • Definitions
  • Policy
  • Responsibilities and Authorities
  • Sanctions
  • Exceptions
  • Further Information
  • Cross References

  • PURPOSE:

    The collection and maintenance of information about the identity of persons related to the University, and the accurate and consistent electronically stored representation of that information, are critical to the functioning of the University. The purpose of this policy is to ensure accurate and consistent identity information within a centrally managed repository. Business units throughout the University shall rely upon a central person registry (CPR) as the University's sole authoritative source for identity information about persons.

    SCOPE:  

    This policy is effective at all University locations and applies to all units and individuals that make use of identity information in the conduct of University business..

    DEFINITIONS:

    Affiliation- the combination of one's relationship with Penn State (which may allow access to electronic services) and some form of trusted (may not be Penn State) identity. At Penn State, affiliations are not roles. One may have one or many active affiliations. For example, a person could have the affiliations of “Staff” and “Student."

    Central Person Registry (CPR)- the authoritative source for the intelligent management, capture, and storage of identity information related to persons and their affiliations with Penn State. The creation of a person record in the CPR is the means by which authoritative personal identity information related to a person is established for use within Penn State information systems.

    Proofing- the act of aligning a person's previously recorded data to the actual person at the time when credentials are issued. In-person proofing involves checking a photo ID, such as a driver's license, against the holder of the ID.  For example:  A Penn State student showing his or her driver's license or photo ID to obtain the ID+ card.

    PSU Identification Number (PSU ID)- assigned to individuals and is to be used as the primary identifier in Penn State’s administrative and academic systems. The PSU ID is a nine-digit number, beginning with 9 in the following format: 9-XXXX-XXXX. The PSU ID is unique to the individual and is a lifetime assignment.

    Identity Authorities (IA):

    POLICY:

    This policy establishes a central authoritative source for the creation, maintenance, and management of identity information and digital credentials at The Pennsylvania State University. All Penn State units shall use this central authoritative source for identity information and digital credentials.

    RESPONSIBILITIES AND AUTHORITIES:

    Information Technology Services (ITS) Identity Services Unit

    Under the authority of the Vice President for Information Technology, the ITS Identity Services Unit shall:

    Vice President for Information Technology

    The Vice President for Information Technology shall oversee identity and access management activities including but not limited to:

    Identity Authorities

    Identity Authorities shall be responsible and accountable for:

    Governance

    Penn State identity and access management governance, as appointed by the VP of Information Technology, Senior Vice President for Finance & Business, and Vice President and Dean for Undergraduate Education, shall:

    SANCTIONS:

    Violation of any portion of this Policy may result in initiation of legal action by the University and appropriate disciplinary action, which may include dismissal.

    EXCEPTIONS:

    Exceptions to this policy must be approved by the Vice President for Information Technology.

    FURTHER INFORMATION:

    For policy clarification and interpretation, contact the Office of the Vice President for Information Technology.

    CROSS REFERENCES:

    Other Policies should also be referenced, especially the following:

    AD11 - University Policy on Confidentiality of Student Records,

    AD20 - Computer and Network Security,

    AD35 - University Archives and Records Management,

    ADG01 - Glossary of Computer Data and System Terminology,

    ADG02 - Computer Facility Security Guideline, and

    HR60 - Access to Personnel Files.


    Effective Date: October 30, 2014
    Date Approved: October 30, 2014
    Date Published: October 30, 2014 (Editorial changes, March 24, 2017)

    Most recent changes:

    Revision History (and effective dates):

    | top of this policy | GURU policy menu | GURU policy search | GURU home | GURU Tech Support | Accessibility Statement | Penn State website |