Versions Compared

Version Old Version 1 New Version Current
Changes made by

Rasodin Ramuddin Hamzah

Rasodin Ramuddin Hamzah

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Policy Statement

Effective 10 January 2025, all email accounts not assigned to individual users (e.g., FunctionalUnit@apu.edu.my) must be converted to shared mailboxes. This policy applies to all existing and newly created non-personal email accounts across the organisation. The policy is introduced to enhance security and ensure effective management of organisational email resources.

...

Purpose

The purpose of this policy is to:

  1. Strengthen security by minimising the risk of unauthorised access to generic email accounts.

  2. Streamline the management and monitoring of shared resources for operational efficiency.

...

Scope

This policy applies to:

  • All existing and future email accounts created for roles, functions, teams, or functional units(e.g., support, admin, helpdesk) that are not tied to a specific individual.

  • Email accounts used for automated services, group communications, or departmental operations.

...

Policy Requirements

  1. Mandatory Conversion:

    • All existing non-personal email accounts will be reviewed and converted to shared mailboxes by the IT department before 31 January 2025.

    • All new non-personal email accounts created after 10 January 2025 must be set up as shared mailboxes.

  2. Access Permissions:

    • Access to shared mailboxes will be limited to authorised users only.

    • Permissions (Full Access, Send-As, Send-On-Behalf) will be assigned based on users’ roles and operational needs.

...

Procedure

  1. The Technology Services will identify all existing non-personal accounts and notify the respective department heads.

  2. Unit heads will provide a list of authorised users and their required access permissions (Full Access, Send-As, Send-On-Behalf).

...

  • Requests for non-personal email accounts must be submitted to the IT department, specifying the intended purpose and required access permissions.

  • The IT department will create the account as a shared mailbox and provide access to the authorised users.

...

Exceptions

Exceptions to this policy may be granted under the following conditions:

  • Legal or regulatory requirements necessitate the use of individual accounts for specific roles.

  • Other exceptional business needs, subject to approval by the IT department and senior management.

...

Compliance

Failure to comply with this policy may result in restricted access to organisational email resources. Regular audits will be conducted to ensure adherence to this policy, and non-compliance will be addressed as per organisational guidelines.

...