Handbook of Operating Procedures
Chapter 11 - Information Technology
Previous Publication Date: December 12, 2014
Publication Date: August 2, 2022
Policy Reviewed Date: November 18, 2021
Policy Owner: VP for Information Technology


11.05 Position of Special Trust


I. POLICY STATEMENT


The University of Texas at San Antonio (UTSA) employees who are granted elevated or special administrative access privileges to Confidential Data serve in Positions of Special Trust. Those employees must take additional measures to account for their UTSA Information Technology Resources.


II. RATIONALE


This policy describes the duties and responsibilities of all individuals who serve in Positions of Special Trust.


III. SCOPE


This policy applies to all UTSA employees serving in the Position of Special Trust.


IV. WEBSITE ADDRESS FOR THIS POLICY


http://www.utsa.edu/hop/chapter11/11.05.html


V. RELATED STATUTES, POLICIES, REQUIREMENTS OR STANDARDS


  1. University of Texas System Policies or the Board of Regents' Rules & Regulations
    1. UT System HOP 4.1.1 Information Technology Resources Acceptable Use and Security Policy.
    2. UT System Policy UTS 165, UT System Information Technology Resources Use and Security Policy.
    3. UT System Policy UTS 178, Required Reporting of Significant Events.
    4. UTSA HOP Policy 11.03, Acceptable Use Policy.
  2. Other Policies and Standards
    1. Title 1 Texas Administrative Code, Part 10, Chapter 202, Subchapter C.
    2. Texas Computer Crimes Act, Title 7, Chapter 33 Computer Crimes.

VI. CONTACTS


If you have any questions about Handbook of Operating Procedures policy 11.05, Position of Special Trust, contact one of the following offices:

  1. Office of Information Security
    210-458-7974
    informationsecurity@utsa.edu
  2. UTSA Tech Solutions
    210-458-4555
    TechCafe@utsa.edu  

VII. DEFINITIONS


  1. Data: Information that is recorded – regardless of form or media – that is used to support the mission of UTSA, whether in an administrative or research capacity. Data may be saved or transmitted in hard copy (printed or written), digital/electronic (including video, audio, images), or other formats.
  2. Data Owner: The manager or agent responsible for the business function supported by the Information Technology Resource or the individual upon whom responsibility rests for carrying out the program using the Information Technology Resources.
  3. Data User: An individual who is authorized by the Data Owner to access the Information Technology Resource, in accordance with the Data Owner's procedures and rules, whether done individually or through facilitation or responsibility for an automated application or process.
  4. Information Technology Resources: The procedures, equipment, facilities, software, and Data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information. This may include but is not limited to any and all computer printouts, online display devices, mass storage media, and all computer-related activities involving any device capable of receiving email, browsing websites, or otherwise capable of receiving, storing, managing, or transmitting data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, mobile devices, pagers, distributed processing systems, network-attached and computer-controlled medical and laboratory equipment (e.g., embedded technology), telecommunication resources, network environments, telephones, fax machines, printers and hosted services.
  5. Chief Information Security Officer (CISO): Staff member responsible for providing and administering the overall information security program for all centrally maintained and all distributed systems and computer equipment.
  6. Position of Special Trust: Data Users assigned accounts by UTSA whose privileges allow them broad access to Category I and Category II Data (See UTSA Standard for Data Classification), modification of account information (such as changing/resetting passwords), or systems with the capability of causing widespread outages to Information Technology Resources.

VIII. RESPONSIBILITIES


  1. Data User in a Position of Special Trust
    1. Must have antivirus software installed and updated.
    2. Must meet all encryption standards.
    3. Must report to InSight application.
    4. Must be a member of the Active Directory domain.
    5. Must have all approved patches/updates installed.
    6. Use high-level/administrative access only when required. All other times use your normal levels of access.
    7. Document areas of concern and present to CISO.
    8. Use only high-level/administrative access when required. All other times use normal levels of access.
    9. Participate in assigned specialized training, as assigned and available.
  2. Chief Information Security Officer
    1. Reviews and updates the inventory of the Information Technology Resources (including training).
    2. Maintains a list of Information Technology Resources that process, maintain, or access Category I (Confidential Data).
  3. UTSA Managers/Supervisors
    1. Ensure that UTSA employees who will be provided with elevated access to Information Technology Resources sign the Positions of Special Trust Acknowledgement Form (POST Form).
    2. Maintain the signed POST Forms.

IX. PROCEDURES


  1. Positions of Special Trust Acknowledgement Form
    1. Prior to providing access to a system covered by this policy or its related standards, the manager/supervisor must determine if the employee will have elevated access privileges to the following:
      1.1 PeopleSoft/DEFINE administrators
      1.2 Banner Administrator, Database Administrator, Programmer
      1.3 Blackboard Administrator
      1.4 Network Administrator
    2. If the employee is provided with access to the systems identified above, the manager/supervisor authorizing access will notify the employee that the POST Form needs to be completed.
    3. Managers needing assistance in determining whether a POST Form is required may contact the Office of Information Security at informationsecurity@utsa.edu.
    4. The manager/department will retain the POST Form.
    5. The POST Form should be completed annually by employees designated as being in a Position of Special Trust.
  2. Security Standard
    1. Additional information can be found in the Standard for Position of Special Trust. This Standard contains a discussion of elevated access privileges, general standards, guidelines, a list of applications that require a Position of Special Trust Form, and other miscellaneous information.

X. SPECIAL INSTRUCTIONS FOR IMPLEMENTATION


None


XI. FORMS AND TOOLS/ONLINE PROCESSES


  1. Position of Special Trust Acknowledgment Form

XII. APPENDIX


None


XIII. Dates Approved/Amended


08-02-2022
12-12-2014