LLE IT Security Policy

LLE IT Security Policy for LLE Employees Granted
a University of Rochester Leave of Absence

Given

  1. For the duration of the LLE employee leave of absence, they are not expected to perform their normal LLE assigned duties.
  2. LLE employees on leave of absence may travel to areas of the country or world and/or use information technology resources or services that may create an IT Security risk for LLE resources, infrastructure or intellectual property.

Therefore,

the following steps are to be taken for the duration of the LLE employee Leave of Absence:

  1. Disable the employee's LLE e-mail account log-in access
    1. This prevents the LLE employee's username and password from being compromised should they attempt to log in to their account from an insecure location or over an insecure network

  2. When an e-mail is sent to the LLE employee's LLE e-mail address, the LLE e-mail system will auto-respond to the sender with an away message indicating the following:
    1. The LLE employee is away from the office for an extended period of time without access to LLE e-mail.
    2. b. (Optional) Display the LLE employee's personal (i.e. non-LLE) e-mail address so the sender may use the LLE employee's personal e-mail address to contact them, if desired.

  3. Disable the employee's LLE IT user accounts and UR ID swipe access to LLE Facilities

  4. Collect and hold the employee's LLE-owned IT assets at LLE for the duration of the leave of absence
    1. Desktop, laptop, tablet computers
    2. Cell phone and/or pager
    3. RSA Token(s)
    4. Keys

  5. LLE HR Meets with employee to review benefits

  6. When the employee returns from their Leave of Absence
    1. Return LLE-owned IT assets to the employee
    2. Re-enable LLE IT e-mail with forced password change
    3. Re-enable LLE IT accounts with force password change
    4. Re-enable employee UR ID swipe access to LLE facilities