Student employees occupy dual roles at the University. As students, they have access to information and resources consistent with this academic role. As employees, they may have access to institutional systems to perform business functions for the University and may, either intentionally or unintentionally, come into contact with confidential information or even regulated data. Student use of their normal credentials in their employee context poses security risks that can persist after their employment ends, and formal separation between the two roles is fundamental to effective information security. For this reason, we recommend that student employees be given a “work” account. These are created centrally in our Active Directory and can be managed and removed as needed by system administrators. To request a student employee work account, submit a ticket to ITS Technology Support Center. In the coming months, we will launch an application that enables self-service and integrates with our LDAP directory service. We will communicate broadly when this service is available.