2025 SVA Username Policy Revised

School of Visual Arts is hereinafter referred to as "SVA."

Overview

A "username" is the term SVA uses for the series of letters and numbers which uniquely identify an individual to various information systems. A "username" is also often referred to by the term "login", "account name", "user id" or "myID login".

In SVA’s existing e-mail system, the username also functions as the e-mail address when @sva.edu is appended (e.g., the username “abcdef” becomes the e-mail address abcdef@sva.edu.)

Purpose

This policy outlines the rules and practices by which SVA Administrative & Network Services (or “SVA IT”) will assign and maintain usernames on behalf of SVA as part of an identity and access management plan.

Scope

This policy applies to all individuals affiliated with SVA that require an identity be established to access or utilize information systems - including faculty, staff, students, and alumni. Information systems may include but are not limited to: e-mail, internet access, file and print servers, application software, library resources, enterprise software, learning management systems, and cloud services.

Policy

1. Usernames must be unique and will be automatically assigned to identify an individual and only that individual.
2. Usernames must not be re-assigned or transferred to a different individual, even when the individual originally assigned is no longer affiliated with SVA.
3. Usernames must consist of 16 characters or less from the ASCII character set and will consist only of lower-case alphabetical (a-z) or numerical (0-9) characters.
4. Usernames are automatically generated from the following name components of the individual it identifies, as recorded in the relevant system-of-record (as of this writing, the Colleague system)
   1.  First Initial(s) of First Name(s)
   2.  Middle Initial(s)
   3.  Last Name(s)
5. Usernames will only contain numerical (0-9) characters to ensure uniqueness in the case that a generated username has already been assigned to another individual (e.g. abcdef, abcdef1, abcdef2, etc.)

Changing Usernames

Changing a username often involves making coordinated changes to multiple information systems and may have unintended consequences due to technical limitations of some information systems. Due to stricter changes in data privacy regulations and increasing cases of fraud SVA IT will no longer consider requests for custom usernames. On a case-by-case basis, if an offensive username is auto-generated, or for reasons of personal safety or privacy a request for change will be allowed.

In general, changing a username should be avoided, however SVA IT will change the primary username for an individual upon request due to a legal name change, a change in marital status. In case of a legal name change or marital status proof of the name change will need to be submitted to either Registrar Office for Students, HR for faculty and staff and Alumni Affairs for alumni.

Enforcement

This policy will be enforced by the IT Manager and/or Executive Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of SVA property (physical or intellectual) are suspected, the SVA may report such activities to the applicable authorities.

6.0 Definitions

Access Control List (ACL) A list that defines the permissions for use of, and restricts access to, network resources. This is typically done by port and IP address.

Demilitarized Zone (DMZ) A perimeter network, typically inside the firewall but external to the private or protected network, where publicly-accessible machines are located. A DMZ allows higher-risk machines to be segmented from the internal network while still providing security controls.

Firewall A security system that secures the network by enforcing boundaries between secure and insecure areas. Firewalls are often implemented at the network perimeter as well as in high-security or high-risk areas.

Third Party Connection A direct connection to a party external to the SVA. Examples of third-party connections include connections to customers, vendors, partners, or suppliers.

7.0 Revision History

This policy shall be subject to periodic review to ensure relevancy.