The IT Access Control Policy Procedure prevents unauthorized access to—and use of—your company’s information. IT Access Control Policies and Procedures ensures your information’s security, integrity and availability to appropriate parties. The IT Access Control Policy Procedure applies to all company information and to all storage access methods. (14 pages, 2495words)

IT Access Control Responsibilities:

The Human Resources Manager is responsible for reviewing requirements for access (with Information Technology Managers) and Access Control Policy user training.

Information Technology Managers are responsible for reviewing access requirements, convening the Security Review Committee to review the Plan, and verifying updates to the Plan.

The Information Technology Security Manager is responsible for developing an Access Control Policy Plan, presenting the Plan to the Security Review Committee for review, communicating the Plan to Human Resources, monitoring the Plan, revising the Plan, as needed, and enforcing the Plan.

The Security Review Committee is responsible for reviewing and approving the Plan.

Users are responsible for knowing and following the Plan.

IT Access Control Policy Definition:

Access control – Enforcement of specified authorization rules based on positive identification of users and the systems or data they are permitted to access (or, providing access to authorized users while denying access to unauthorized users).

IT Access Control Policy Procedure Activities

Planning IT Access Control Policy
IT Access Control Plan
IT Access Control Plan Review
IT access Control Plan Update

IT Access Control Policy Procedure References

ISO/IEC Standard 27002:2013- Information Technology-Code of Practice for Information Security Management
IEEE 802.1X- Port-Based Network Access Control Standard
IEEE Special Publication 802.12- An Introduction to Computer Security- The NIST Handbook