Access Control Policy. Supplier shall establish, document, and, upon UL Solutions’ request, communicate to UL Solutions, a formal access control policy based on business and security requirements for access. Access control rules shall account for and reflect Supplier's policies for information dissemination and authorization, and these rules shall be supported by formal procedures and clearly defined responsibilities. Access control rules and rights for each user or group of users shall be clearly stated. Access controls must be both logical and physical. Users and service providers shall be given a clear statement of the business requirements to be met by access controls. The policy shall be reviewed and updated at least annually.
Access Control Policy. An access control policy is established, documented, and reviewed based on business and information security requirements.
Access Control Policy. Supplier shall establish, document, and communicate to Buyer a formal access control policy based on business and security requirements for access. Access control rules shall account for and reflect Supplier's policies for information dissemination and authorization, and these rules shall be supported by formal procedures and clearly defined responsibilities. Access control rules and rights for each user or group of users shall be clearly stated. Access controls must be both logical and physical. Users and service providers shall be given a clear statement of the business requirements to be met by access controls. The policy shall be reviewed at least annually and updated as needed to ensure accuracy and effectiveness.
Access Control Policy. 21.1. The Data Processor shall have an access control policy which is documented and reviewed periodically based on business and information security requirements.
Access Control Policy. Access Control systems are in place to protect the interests of all users of Dorset Chamber computer systems by providing a safe, secure and readily accessible environment in which to work. • Dorset Chamber will provide all employees and other users with the information they need to carry out their responsibilities in an as effective and efficient manner as possible. • Generic or group IDs shall not normally be permitted, but may be granted under exceptional circumstances if sufficient other controls on access are in place. • The allocation of privilege rights (e.g. local administrator, domain administrator, super-user, root access) shall be restricted and controlled, and authorization provided jointly by the system owner and IT Services. Technical teams shall guard against issuing privilege rights to entire teams to prevent loss of confidentiality. • Access rights will be accorded following the principles of least privilege and need to know. • Every user should attempt to maintain the security of data at its classified level even if technical security mechanisms fail or are absent. • Users electing to place information on digital media or storage devices or maintaining a separate database must only do so where such an action is in accord with the data’s classification. • Users are obligated to report instances of non-compliance to Dorset Chamber CISO. • Access to Dorset Chamber IT resources and services will be given through the provision of a unique Active Directory account and complex password. • No access to any Dorset Chamber IT resources and services will be provided without prior authentication and authorization of a user’s Dorset Chamber Windows Active Directory account. • Password issuing, strength requirements, changing and control will be managed through formal processes. Password length, complexity and expiration times will be controlled through Windows Active Directory Group Policy Objects. • Access to Confidential, Restricted and Protected information will be limited to authorised persons whose job responsibilities require it, as determined by the data owner or their designated representative. Requests for access permission to be granted, changed or revoked must be made in writing. • Users are expected to become familiar with and abide by Dorset Chamber policies, standards and guidelines for appropriate and acceptable usage of the networks and systems. • Access for remote users shall be subject to authorization by IT Services and be provided ...
Access Control Policy. Access Control systems are in place to protect the interests of all users of the Company computer systems by providing a safe, secure and readily accessible environment in which to work.
Access Control Policy. Data importer shall maintain an access control policy for all assets that handle personal data. Data importer shall formally approve, publish and implement such access control policy.
Access Control Policy. Iron Mountain maintains access control policies with respect to information processing assets that Iron Mountain formally approves, publishes and implements.
Access Control Policy. PURPOSE To protect an Individual’s health information from unauthorized use, the OKSHINE shall verify the identity of Participants and their Authorized Users before access to OKSHINE is granted. Health information available through OKSHINE shall be accessed only by Authorized Users who have been granted access rights.
Access Control Policy. Access Control systems are in place to protect the interests of all users of Gateway Solutions