Information Security

Out-of-Band Access Request Procedures

Last modified 9/27/2022


ISU employees on occasion have the need to access resources when the resource owner is unable to approve of the access. Two common causes of this need are employees on extended leave or employees' individual resources are needed after the employee exits employment.

If the resource owner is not on a leave and maintains an active non-grace employee affiliation with the University, this process should not be followed, and approval for the request should be directly requested from the resource owner. A separate process exists for requesting access related to a Family Medical Leave Act (FMLA) leave of absence.

  • The Technology Support Center (and some local IT support teams) assist with the creation of requests.
  • The Information Security Office reviews requests, provides request approvals, and facilitates request approvals from Human Resources (HR).
  • The Unified Communication (UC) team fulfills requests when the targeted resource is in Office365.
  • Other IT support teams may fulfil requests when they manage the targeted resource.

Submit a Request

The Out-of-Band Access Request Form is published and should be completed to start a request.


Request Details

In order to form a complete request, each request ticket must contain the following information.

  • The resource access being requested
  • The ULID and working title of the requester
  • The ULID, working title, and job classification (AP, CS, Student, GA, faculty) of the targeted resource owner
  • Request justification / business case

Tickets with incomplete information will be routed to the Technology Support Center or the local IT support team to be completed with the customer.

Standard Requests

Requests under this process are considered standard if the following criteria are met:

  • The targeted resource owner is on leave or has a grace affiliation
  • The requester is in the reporting line above the targeted resource owner up to the University President
  • The requested resource(s) are exclusively one or more of the following:
    • Office365 OneDrive access up to 30 days
    • Office365 mailbox access up to 30 days
    • Network share access up to 30 days (including individuals' drives, sometimes called "H" drives)
    • A one-time resource copy
    • An automatic Office365 mailbox out of office reply
    • An automatic Office365 mail forward rule

Non-Standard Requests

Any request not defined as a standard request above is considered a non-standard request.

Non-standard requests require additional analysis and must be directly approved by the University Chief Information Security Officer. Non-standard requests that are only considered non-standard due to a duration longer than 30 days may be approved by HR and/or the Information Security Office with a reduced duration of 30 days. For requests requiring access longer than 30 days, a new request may be submitted into this process.