User access controls. 3.1 The Applicant shall ensure that access to Personal Data shall be controlled through access privileges (described above), usernames and appropriately secure passwords.
3.2 The Applicant shall ensure that employees or contractors should not share or use the same username, and exceptions must be documented with adequate mitigations described and auditable.
3.3 Use of multi-factor authentication should be used to authenticate authorised users of IT systems.
User access controls. 4.1 The Applicant Institution shall ensure that access to the Materials is controlled through access privileges as set out above. The use of usernames or user accounts and appropriately secure passwords is required as a minimum. Additional appropriate controls may include the use of passwordless technologies and the use of multi-factor authentication.
4.2 The Applicant Institution shall ensure that authorised individuals do not share or use the same user account, and exceptions must be documented with adequate mitigations described and auditable.
4.3 Use of multi-factor authentication is highly recommended to authenticate authorised users of IT systems.
User access controls. 4.1 The Collaborator Institution shall ensure that access to the Materials is controlled through access privileges as set out above. The use of usernames or user accounts and appropriately secure passwords is required as a minimum. Additional appropriate controls may include the use of passwordless technologies and the use of multi-factor authentication.
4.2 The Collaborator Institution shall ensure that authorised individuals do not share or use the same user account, and exceptions must be documented with adequate mitigations described and auditable.
4.3 Use of multi-factor authentication is highly recommended to authenticate authorised users of IT systems.
User access controls. UA-1: User Access Controls UA-1.1 Voya implements and maintains identity management system(s) and authentication process(es) for all systems that access, process, store, or transmit Client PI. UA-1.2 Voya ensures that the following user access controls are in place: UA-1.2A The “Least Privilege” concept is implemented ensuring no user has more privileges than they require in performing their assigned duties.
User access controls. Each MSD Portal User must sign a Certificate of Confidentiality (IR820). That form includes the following provision, which signatories acknowledge when signing the form: Released Under The Official Information Act 1982
User access controls. The supplier must describe how user access will be controlled to all components of their solution. Unlimited admin-level rights are not permitted on workstations connected to the Trust. The supplier must provide details of the user access levels required on workstations and describe how this is controlled including any windows group/local policies that may be applied. Full domain administrative level rights are restricted to designated Trust IT staff only. Where administrative level permissions are required to the Trust’s domain by the supplier, the supplier must explain what these rights are and why they are necessary. The system must provide a comprehensive access control functions which allow a systems administrator to allocate granular access rights to users, thereby controlling the viewing, insertion, amendment, deletion, viewing of sensitive data and additional password protection of all of the system's modules and functions.
User access controls controls that will allow only appropriate users to access the Portal; and
