
Access & Authorization

The network access policies stem from the recognition that information security is of paramount importance to the achievement of SIPA’s mission and operations. SIPA IT's role is to protect the organization and to exercise due care in providing access privileges to persons, processes, and devices.

This document sets guidelines for authorizing the granting, revocation, and use of privileges.

Access refers to a user’s ability to view, modify, or enable flow of information.

Accountability is a security principle indicating that individuals must be identifiable and must be held responsible for their actions. Accountability enables an explanation of how a system moved from one state to another.

Identification is the process that enables one subject to recognize another subject or object. Identification is the first step in an authentication process. For example, an account’s username identifies a subject to a system.

Authentication is the verification of a subject requesting the use of a system and/or access to a network resource. For example, the correct submission of an account’s password for its corresponding username authenticates a user.

Authorization is the granting of access to an object to a subject after the subject has been properly identified and authenticated. The granting of access is performed by an authorization mechanism acting in accordance with rules set forth by the object’s owner or information owner.

User Accounts on SIPA Network

To ensure accountability, SIPA IT will issue only uniquely identifiable accounts to members on its network. A SIPA network ID and password are solely for the use of the user to whom they are issued.

Authorization, Privileges

Only information owners or their authorized delegates may submit requests to SIPA IT to grant or revoke privileges, or to have a privileged action performed, on a business process or information asset for which they are responsible.

All such requests must be made in writing by the information owner or their delegate and be authenticated by SIPA IT. For all SIPA offices, the requests must be signed off by SIPA HR, indicating that the person has been hired, before a request for a SIPA network ID will be processed. It is not permissible for an information owner to simply be copied on a request. A SIPA network ID is issued within 2-3 business days of receiving the request.

If a user allows another user to log in with their SIPA network ID, the ID will be suspended and the user's supervisor informed immediately.