Data Security Contacts are required to perform the following tasks:
- Periodically examine all reports produced for their organization in the online security request system (with frequency determined by the number of users in the DSC's organization), and audit requirements.
- Periodically examine the online security request system to ensure outstanding security requests are serviced promptly.
- Retain supervisors' requests/approvals (either paper signatures or e-mail) for security access.
- Periodically examine same-organization DSC activity (for those organizations which have been empowered to grant access to resources they own).
- Periodically review the continued need for access to resources controlled by the DSC's organization.
- Proactively maintain proper userid access for users in the DSC's organization:
- Immediately suspend the userid upon employee termination, and request deletion of the userid.
- Retrieve any needed information within ten working days, and request deletion of the userid.
- Immediately adjust the employee's security access when there is a change in job responsibilities or any other employment status change that would result in a change of security access needs.
- Notify DSA of any incorrect information or observed risks to the security of University operations.
- Notify users of the proper password format to be used.
- Ensure that all users are aware of their responsibilities regarding security policies and procedures at the University of Virginia.
Realize that these tasks may change; therefore, all security personnel should review them monthly. Please contact the Data Security Administrators if you have questions or concerns regarding these duties.