VPN Haus: When dealing with employee terminations, who should own network provisioning – HR or IT?
Ben Ruset: Typically, HR should notify IT and request that an account be disabled/deleted. Neither department should make a unilateral decision that an account be modified without clearing it with the other. It’s all a matter of having well-defined processes for business functions like this. Unfortunately, many organizations forget to create or enforce them until it’s too late.
VPN Haus: Is this a process that you recommend automating?
Ruset: Well, this really is more of a human issue than a technological one. If there’s a policy in place, HR should notify IT to kill the account. Since they will manage to tell finance or the payroll company that the employee is terminated, as well as the health insurance company, they should be able to notify IT. Alternately, if there’s a system like Peopleworks, or some such, there could be an automatic notice sent to IT as part of the termination workflow.
VPN Haus: Do the provisioning issues you raised also relate to student email address / account, especially with graduation and new school seasons?
Ruset: So, let me preface by saying that I’m not directly involved with provisioning accounts for students, faculty, and staff. IT at Princeton tends to be pretty compartmentalized. The most that I do is request accounts for things like the occasional contractor or temp worker who’s setting up an application or whatnot. But I do try to keep my ears open and I do have a rough familiarity with the process at Princeton, so I can try to answer as best as I can.
The process for new students has a pretty well thought-out workflow. The OIT (Office of Information Technology) gets a list of incoming students for each year from the registrar’s office, and creates the accounts prior to the students arriving on campus. The students then go to an online form and create their passwords.
VPN Haus: What about when students graduate?
Ruset: When students graduate, if they’re undergrads, their accounts are kept active until the following October or so. Then they’re deleted. I’m not sure if this is a process that happens automatically, or if someone at OIT has to launch a script or something that closes accounts en masse. Actually, there’s a good page in the Princeton KB about what happens to accounts upon graduation, retirement, etc.: http://helpdesk.princeton.edu/kb/display.plx?ID=5855
Stay tuned: next week, Ruset talks with VPN Haus about university connectivity issues.