Question APPL-10
Do you have a fully implemented policy or procedure that details how your employees obtain administrator access to institutional instance of the application?
| Weight | 10 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to fully implement policy or procedure that details how administrator access is handled in your environment.
Answering "YES"
Describe or provide a reference that details how administrator access is handled (e.g., provisioning, principle of least privilege, deprovisioning, etc.).
Reason for Question
Protecting administrative accounts is crucial to maintaining system integrity in any environment. This question is targeting privilege creep and unmanaged privileged acccounts to determine if the vendor properly manages access control in their application/system environments.
Follow-Up Inquiries
Ask the vendor to summarize their implemented policies and/or procedures
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]