The owner of an information resource, or designee, is responsible for implementing this Control.

It is the responsibility of the information resource owner, or designee to:

• 1.1

  Establish a process for maintenance personnel authorization;

• 1.2

  Ensure that non-escorted personnel performing maintenance on the university information resource have required access authorizations; and

• 1.3

  Designate university personnel with required access authorizations and technical competence to supervise the maintenance activities of personnel who do not possess the required access authorizations.