Administrative Authority Request Procedure

 
Note: "Administrative Authority" is not simply the ability to update software on a computer.  It is taking on the full responsibility of the maintenance, security, and reporting for the requested computers.  Such authority will be granted sparingly based on specific needs not based on convenience.

See https://itsecuritycenter.tamu.edu/requirements/ for the A&M IT security requirements.

Effective December 19, 2016

Texas A&M University has implemented a set of Information Security procedures for the protection of computing devices and the data stored within them.  The College of Education and Human Development (CEHD) is responsible for devices owned by any unit within the college and is required to submit an annual security risk assessment on these resources.  In addition, the CEHD Dean is required to approve security plans as well as the annual risk assessments for all devices. (TAMU SAP 29..01.03.M0.01 2.5, 3.1, 3.2)  The operational responsibility for these devices as well as the creation of risk assessments has been delegated to Technology Services within the CEHD Dean’s Office.

In order to maintain all college devices, administrative control of all CEHD information resources must remain with Technology Services whenever feasible.  (Some devices such as tablets do not have the concept of administrative accounts, so are excluded but security plans and risk assessments must still be submitted.)  This control allows Technology Services to enforce security policies and system settings, verify that only legally licensed software is installed, as well as implementing other automated tasks.

However, some job responsibilities may require that you can make administrative changes to your system(s) without waiting for Technology Services.  In these cases, you may request approval from the CEHD Dean to take over operational responsibility (i.e. administrative authority, admin rights) for specified devices.  

As part of this responsibility, you must

  1. Agree to read, understand, and implement all relevant rules regarding the protection of information resources. (See https://itsecuritycenter.tamu.edu/requirements/)
  2. Prepare a Security Plan in accordance with TAMU Control Catalog item PL-2.  A template is provided.
  3. Agree to complete an annual risk assessment following requirements from the TAMU Office Information Technology Risk Management and submit the risk assessment to the CEHD ISO by March 1 each year.  A reminder with specific instructions will be sent by the ISO at the beginning of each year. A template is provided.

Request Procedure

  1. Submit your security plan and the signed request form to the CEHD ISO (currently Arlen Strader) for review. 
  2. If you are unsure whether your particular situation merits administrative authority, discuss with the CEHD ISO prior to document preparation.
  3. Once the security plan is confirmed to be complete andapproved by Technology Services, the plan and request form will be forwarded to the CEHD Dean for final approval.
  4. If approved, you will need to coordinate with Technology Services to setup administrative rights on your computer(s).

(Note: anyone who was granted Admin Rights prior to December 31, 2016 will be grandfathered in so a new request for admin rights is not needed.  However, you will need to complete a Security Plan and answers to the Risk Assessment questions each year to be included in the college's annual IT security report to A&M.)

The IT Security Plan and Risk Assessments are compiled each year as part of the college's IT report to the university and will be provided to auditors upon request.