IT User Access Policy

This policy/standard document establishes the User access policy for [Company name]. User access must be provided according to the principles of “least privilege” and "need to know" required for achieving the desired function. The purpose of this Standard is to set out the rules under which access to [Company Name] information systems are provided, controlled and managed.

Did your company establish and follow specific access control practices to protect their information and systems from unauthorized access? Think about modification, disclosure or destruction and to ensure that information remains accurate, confidential, and is available when required. Information systems include:

This standard applies to all users of the IT system, including (but not limited to) staff (including casuals and volunteers), consultants and contractors, third parties, agency staff, associates and visitors to the Company.

Appropriate data security controls reduce the likelihood (and impact) of data breach incidents during various phases of the data lifecycle. The purpose of this standard is to set out the rules for securing the companies' data during transmission and storage. This document provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).

Nowadays, with the digitalization of our society, the need for data protection became more important. The latest IT Security Standards involve the application of technology to broader social and institutional contexts, and thereby contributes to the servitization of companies, and affects how they compete and interact. This document contains security technology solutions to protect data classified as “Highly Sensitive”, “Sensitive”, “Private” or “Public” as per the Data Classification Standard and Data Handling Guidelines. Specifically: