Skip to Content

IT/PPS 04.08 - Third-Party Applications Access Review

Third-Party Applications Access Review

IT/PPS No. 04.08
Issue No. 1
Effective Date: 7/07/2017
Next Review Date: 7/01/2018 (EY)
Sr. Reviewer: Associate Vice President, Technology Resources

  1. PURPOSE

    1. This policy outlines the responsibilities of departments owning third-party enterprise computer applications, or modules thereof, to review and certify that access to those applications is appropriately granted and revoked.
  2. POLICY

    1. It is important, in order to ensure confidentiality and integrity of university-owned data and processes, that only those people with a valid reason have access to the university’s enterprise computer systems.

    2. Responsibility to ensure appropriate access rests with the department owning or utilizing the computer systems or modules in question. Technology Resources will maintain a document containing third-party computer application or module name and identified owner.

    3. Each responsible application owner will receive notification annually to conduct a full review of all users currently holding access to the computer system or module they are responsible for, and confirm the access is at the appropriate level for the job duties performed.

  3. PROCEDURES

    1. The procedures outlined provide details to ensure compliance with the Security of Texas State Information Resources, UPPS No. 04.01.01, Security of Texas State Information Resources.

    2. Each department owning or utilizing an enterprise computer system or module must certify to the Division of Information Technology by July 1 every year that they have conducted a full review of user access, described in Section 02.03, and have corrected any inappropriate access permissions.

    3. The application or module owner, or designee, responsible for the computer system named must sign the review certification.

    4. Failure to provide the required certification will result in notification to the Information Security Office for follow up as appropriate.

  4. REVIEWERS OF THIS PPS

    1. Reviewers of this PPS include the following:

      Position Date
      Associate Vice President for Technology Resources July 1 EY
      Vice President for Information Technology July 1 EY
  5. CERTIFICATION STATEMENT

    This PPS has been reviewed by the following individuals in their official capacities and represents Texas State Information Technology policy and procedure from the date of this document until superseded.

    Associate Vice President for Technology Resources; senior reviewer of this PPS

    Vice President for Information Technology