Documente Academic
Documente Profesional
Documente Cultură
Role
Name
Role
Name
Role
Document Path
Version
Number
Author
Date of
Preparation
Reviewer(s)
Date of Review
Approver
Date of
Approval
Signature
Signature
Signature
Date of Release
qmsserver/missionQ/I
nformation_Security_
Processes/Security_P
olicies/Non_IT_Policie
s/IT_Security_Policy
Version
Number
Revision History
Date of
Section/ Page #
Release
Changed
Details of
Changes
Internal
Objective
This document forms Caretels User Access Control & Account
Management Policy in support of the IT Security Policy. Compliance
with this Policy will enable consistent controls to be applied
throughout the organization minimizing exposure to security breach,
whilst allowing systems administration and technical support staff to
conduct their activities within the framework of the company policies.
Scope
This policy applies to all user account and all other computing
accounts provided to Caretel employees, contractors, trainees, etc.
This policy is not limited to the Caretel, but applies to any access,
remote or local, to any computing resources administered by Caretel.
Policy Description
Internal
performed
in
accordance
with
the
Password
Usage
and
Management Policy.
Account Privileges
Technical Support department is to restrict and control the allocation
and use of system privileges on each computer platform. In particular,
access to operating systems and applications is to be generally
restricted to designated administrators and support staff who are
associated with the management and maintenance of the respective
platforms. Users are to be given specific account profiles and
privileges as defined and authorized by their respective reporting
officer in accordance with their particular function or role. When
creating user-accounts, system administrators must take care to
ensure that users are only granted access to systems and resources
that have been approved and which are necessary for business
purpose. User privileges are to be reviewed on a regular and frequent
basis and withdrawn where the circumstances of those who have been
granted privileges no longer warrant such access.
Account Management
Internal
when
members
of
the
staff
leave
employment.
Use of Accounts
Passwords
All user accounts must be assigned passwords which meet the
standards in the Password Policy. In accordance with the Password
Policy all users are required to change their initial log-on password
the first time that they log onto a system where the system itself does
not automatically enforce this requirement.
Privileged Accounts
Privileged account holders must not allow other users, including
administrators and computer support staff, access to systems under
their logon unless they are present for the duration of all activity.
Access Parameters
In accordance with the Acceptable Use Policy under no circumstances
are users to attempt to access systems, applications or data which
their user account does not naturally provide access to and for which
they have not been granted specific permission.
Internal
Network Privileges
Most network users will have access to the following types of
network resources.
Email - Most users will have full access to their own email. They
will not be able to transfer ownership to someone else.
Internal
Requester
New
Employee
Existing
Employee &
New
Employee
Approval
Requirement
Department's
Shared Drive &
other public drive
or folders, Intranet
Default Read
permission
No
Department's
Shared Drive
Existing
Employee &
New
Employee
Cross Functional
Shared Drive
Reporting
Officer
Reporting
Officer &
Cross
Functional
head
Admin Privileges
Root is the Admin ID for all servers and all servers are accessible
through one Admin ID.
Enforcement
Internal
Policy Review
The policy will continue to be in force unless superseded by a fresh
policy. Caretel management reserves the right to amend, abrogate,
modify, rescind / reinstate the entire Policy or any part of it at any
time.
References
Caretel IT Security Policy 1.0
ISO 27001 References
11.6 Application and information access control
11.2 User access management
11.4.1 Policy on use of network services
Support
would
be
responsible
for
execution
and
Glossary
NA
Internal