USE OF ADMINISTRATOR ACCESS
• Administrator Access to Swansea University provided devices must only be used for official Swansea University business.
• Use of Administrator Access should align with an individual’s role or job responsibilities.
• When an individual’s role or job responsibilities change, Administrator Access should be appropriately updated or removed.
• Administrator Access is be reviewed by the Cyber Advisory Team on a quarterly basis, with findings and recommendations submitted to the Chief Information Security Officer (CISO) for approval.
• In situations where it is unclear whether a particular action is within the scope of current job responsibilities or is appropriate, the situation should be discussed with the CISCO.
• Users with Administrative Access may be required to perform some security activities such as software or operating system patching and updates, as well as monitoring for unusual activity.
INAPPROPRIATE USE OF ADMINISTRATOR ACCESS
In addition to those activities deemed inappropriate in the Digital Acceptable Use Policy the following constitute inappropriate uses of Administrator Access to Swansea University computing resources:
• Installing unapproved software.
• Using the account for any activity where Admin privileges are not needed.
• Removing or adding accounts to/from a device.
• Accessing data/systems the user is not permitted to access.
• Bypassing formal Swansea University computing controls.
• Bypassing UAC (user access controls) or any other formal Swansea University security controls.
• Bypassing formal account activation/suspension procedures.
• Bypassing formal account access change request procedures.
• Bypassing any other implemented Swansea University policies.
The following constitutes inappropriate use of Administrator Access to Swansea University Devices under any circumstances, regardless of whether there is management approval:
• Using Administrative Accounts to perform standard “everyday activities” such as web browsing and email access.
• Accessing non-public Information that is outside the scope of specific job responsibilities.
• Exposing or otherwise disclosing non-public Information to unauthorized persons.
• Using access for personal gain or to satisfy curiosity about an individual, system, practice, or other type of entity.
If an account or a machine with Administrator Access is believed to be compromised, users with Administrator Access should NOT perform any type of digital forensics and notify immediately for further investigation.
