Ask the Expert

Creating a user account management policy to delete old accounts

Our enterprise is creating a policy for disabling inactive accounts. The CIO believes we should contact these individuals' supervisors before disabling; is this a good idea? It seems like having to contact all supervisors before deactivating might really complicate and lengthen the disabling process. Would it be better to have a default deactivation policy after a certain period of inactivity?

    Requires Free Membership to View

Actually, when it comes to a user account management policy, I think you should have both a default deactivation policy for inactivity, along with a verification process involving local supervisors to ensure deactivation is necessary. If a user hasn't accessed an account after a specific period of time, the account should be orphaned -- the user no longer needs access but the account is still active -- and it's important to delete old accounts.

However, with that said, workers take maternity leave, projects get delayed due to budget constraints, employees come down with unexpected illnesses or need to care for loved ones, etc. No system can recognize these cases; only supervisors, and possibly HR. So, when it comes to people, make sure to consider the human issues, which are the domain of supervisors: They'll know whether an employee will return tomorrow, in a few days, or never.

In the worst-case scenario, such as you disable an account just in time to find out that the worker is returning the next day, and you need to re-enable it, experience says that re-enabling doesn't simply involve making a call, but rather following a process that could take hours or days. I'd suggest following your CIO's advice.

This was first published in April 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: