The IT Access Control Policy Procedure prevents unauthorized access to—and use of—your company’s information. IT Access Control Policies and Procedures ensures your information’s security, integrity and availability to appropriate parties. The IT Access Control Policy Procedure applies to all company information and to all storage access methods. (14 pages, 2495words)
IT Access Control Responsibilities:
The Human Resources Manager is responsible for reviewing requirements for access (with Information Technology Managers) and Access Control Policy user training.
Information Technology Managers are responsible for reviewing access requirements, convening the Security Review Committee to review the Plan, and verifying updates to the Plan.
The Information Technology Security Manager is responsible for developing an Access Control Policy Plan, presenting the Plan to the Security Review Committee for review, communicating the Plan to Human Resources, monitoring the Plan, revising the Plan, as needed, and enforcing the Plan.
The Security Review Committee is responsible for reviewing and approving the Plan.
Users are responsible for knowing and following the Plan.
IT Access Control Policy Definition:
Access control – Enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access (or, providing access to authorized users while denying access to unauthorized users).