Data Access and User Authentication Policy
Subscriber Content
Access Management Standards for Secure and Controlled User Access
The purpose of this access management standard is to ensure that access to all company systems and applications is properly approved and monitored. This policy provides overall guidance for the consistent granting, monitoring and removal of user access to a company’s system environment.
Sample procedures include: access must be granted using approved and established role-based security; roles and their system functionality are well-defined and documented; changes to access roles must follow the previously discussed approval requirements; and segregation of duties incompatibilities are documented for each system and are confirmed before roles are assigned to individual user IDs.