Policy
Policy Name
Access Control Policy

Overview
Access to systems and applications should be controlled to ensure access is commensurate with job and security requirements. Access should be consistent with a user's functional role in the organization and should define specific access rights authorized on systems, networks and applications.

Statement
The following access control safeguards shall be followed for Access to information resources (e.g. systems, applications, networks) or "Access":
  • Shall be granted based on business need and functional role.
  • Shall be granted after positive authentication and authorization by the information resource owner.
  • Must be granted on a need-to-know and least-privilege basis (minimum privileges required to perform job junction).
  • Must be reviewed periodically to ensure accuracy and appropriateness.
  • Must be appropriately logged to ensure accountability and audit trail in accordance with Logging Policy.

Justification

The following benefits will be achieved:

  • Access to information resources is appropriately managed and controlled
  • Users have appropriate access to meet business needs

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Access Control