Business requirements of access control. The organization’s requirements to control access to information assets are clearly documented in an access control policy and procedures. Network access and connections should be restricted. The allocation of access rights to users is controlled from initial user registration through to removal of access rights when no longer required, including special restrictions for privileged access rights and the management of passwords and regular reviews and updates of access rights take place. In access management, the criterion of minimizing access rights is used, which are issued in order to allow the user access to the data necessary for his activity. Additional access rights require specific authorization. Users are made aware of their responsibilities towards maintaining effective access controls e.g. choosing strong passwords and keeping them confidential. Information access is restricted in accordance with the access control policy through secure log-on, password management, control over privileged utilities and restricted access to program source code.
Appears in 5 contracts
Samples: Personal Data Processing Agreement, Personal Data Processing Agreement, Personal Data Processing Agreement
