For the latest COVID-19 campus news and resources, visit umassmed.edu/coronavirus.

Site Menu
Search Close Search
Search Close Search
Page Menu

Account Recertification

Why do I have to recertify access?

Annual recertification is a security “best practice” and is manadatory per the Identity and Access Management Policy.  It is an important control towards keeping our data safe, and ensures that user’s access to the UMMS computer network are necessary and appropriate. Managers must validate for individuals under their charge, with access to UMMS networks or systems, that their level of access is required for their specific job function.  Failure to recertify user accounts may result in non-compliance with regulations, contracts and grants and places the Medical School at higher risk for:

  • A terminated employee gaining unauthorized access
  • Misuse of dormant accounts that are no longer needed

How do I recertify user access?

1. When you receive an email from UMMSInformationSecurity@umassmed.edu, click on the "Begin Review" button.

2. This will bring you to a page listing your assigned access reviews.

3. Select your review assignment.

imagese8b7.png

4.  You will be presented a list of all individuals under your charge (example below).

imageqbzjp.png

When you select the "Details" hyperlink, you will be presented with a menu (below):

 5. For each individual, please indicate one of the following dispositions and click submit:

  • Approve – If the individual is under your management and has an ongoing relationship with the Medical School
  • Deny - The user does not have an active relationship with the Medical School
  • Don’t Know – Select this if the individual is not known to you.  Please indicate what you do know about the individual’s relationship with the Medical School. For example:
    • The individual is a contractor, who’s contract has ended
    • The individual transferred to a different department
    • The individual reports to someone else at the Medical School
    • Any other pertinent information

  • *If you select Deny or Don’t know for any individual, no action will be taken until a thorough review is completed by Information Security and Human Resources.

6. Once a status has been indicated for each individual, you may simply close your browser tab.  You will not be prompted to save the review; results will automatically be saved. 

Please note, if you selected Deny or Don’t know for any individual, a member of the Information Security team will be in contact with you before corrections are made.

FAQ’s:

Q - I have an employee or contractor that is not on this list.  What do I do?

A – Please email UMMSinformationsecurity@umassmed.edu. We will research and work with HR to ensure that the individual is active in the PeopleSoft HR system and that all information is accurate.

Account Recertification