Campus Alert: Find the latest UMMS campus news and resources at umassmed.edu/coronavirus

Page Menu

Account Recertification

Why do I have to recertify access?

Annual recertification is a security “best practice”, is an important control towards keeping our data safe, and ensures that user’s access to the UMMS computer network are necessary and appropriate. Managers must validate for individuals under their charge, with access to UMMS networks or systems, that their level of access is required for their specific job function.  Failure to recertify user accounts on a may result in non-compliance with regulations, contracts and grants and places the  Medical School at higher risk for:

  • A terminated employee gaining unauthorized access
  • Misuse of dormant accounts that are no longer needed

How do I recertify user access?

1. When you receive an email from UMMSInformationSecurity@umassmed.edu, click on the "Begin Review" button.

2. This will bring you to a list of your application tiles in the Office portal.  Select the tile titled "Access Reviews".

3. This will bring you to your access review page.  Select "Begin review" to view a list of individuals requiring your review and approval.

4. You will be presented a list of all individuals under your charge (example below).

5. Please indicate one of the following:

  • Approve – If the individual is under your management and has an ongoing relationship with the Medical School
  • Deny - The user does not have an active relationship with the Medical School
  • Don’t Know – Select this if the individual is not known to you or was a contractor, was transferred or reports to someone else. Please indicate what you know about the individual’s relationship with the Medical School. For example:
    • The individual is a contractor, who’s contract has ended
    • The individual transferred to a different department
    • The individual reports to someone else at the Medical School
    • Any other pertinent information
  • *If you select Deny or Don’t know for any individual, no action will be taken until a thorough review is completed by Information Security and Human Resources.

     

5. Once a status has been indicated, you will be prompted to save your selection.  Please indicate a status for each individual listed.

Please note, if you selected Deny or Don’t know for any individual, a member of the Information Security team will be in contact with you before corrections are made.

FAQ’s:

Q - I have an employee or contractor that is not on this list.  What do I do?

A – Please email UMMSinformationsecurity@umassmed.edu. We will research and work with HR to ensure that the individual is active in the PeopleSoft HR system and that all information is accurate.

Account Recertification