Version: 1.0
Date: 01 September 2024
Author: Oliver Hill
Purpose
Scope
People
Systems
Physical Access
Access Control Policy
Principles
Confidentiality Agreements
Role-Based Access & Unique Identifiers
Access Authentication
Access Rights Review
Privileged Accounts/Administrator Accounts
Passwords
User Account Provisioning
Leavers
Authentication
Remote Access
Secure Remote Access
Third-Party Remote Access
Techwise Device Access
Monitoring and Reporting
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement
This policy establishes the framework for managing and controlling access to Techwise Support’s information systems, ensuring that access is restricted to authorized users and aligns with business and security requirements.
This policy applies to all Techwise Support employees, contractors, and third-party vendors who require access to the company’s systems, data, and physical facilities.
All individuals with access to Techwise Support’s systems, including employees, contractors, and third-party vendors, are subject to this policy.
This policy applies to all information systems, applications, databases, networks, and physical resources owned or managed by Techwise Support.
Access to Techwise Support’s physical locations is controlled and restricted to authorised personnel. Facilities are equipped with security measures such as keycards, ID badges, and surveillance systems.
Access to systems and data is based on the principles of least privilege, need-to-know, and role-based access control (RBAC).
All employees and third parties must sign confidentiality agreements before being granted access to sensitive data.
Access is granted based on user roles, with each user assigned a unique identifier for tracking and auditing purposes.
Access rights are reviewed periodically to ensure they are still appropriate for the user’s role.
Privileged accounts are restricted to authorized personnel only, and their use is closely monitored.
Passwords must meet complexity requirements and be changed regularly. Multi-factor authentication (MFA) is required for access to critical systems.
Access for employees leaving the company or changing roles must be revoked or adjusted promptly.
All users must authenticate through secure methods, including MFA, when accessing Techwise Support systems.
Remote access is permitted only through secure, encrypted connections, such as VPNs.
Third-party access is granted on a need-to-know basis, with all actions monitored and logged.
Techwise Support may require access to client devices for the purpose of providing support, monitoring, or troubleshooting. Such access will only be undertaken with the explicit, recorded permission of the client. Access sessions will be logged, and where applicable, may be monitored or recorded to ensure accountability and transparency.
Access logs are continuously monitored, and suspicious activities are flagged for review. Regular audits are conducted to ensure compliance with this policy.
Compliance with this policy is measured through regular audits and monitoring.
Any exceptions to this policy must be approved by senior management and documented.
Non-compliance with this policy may result in disciplinary action, including termination of employment or contracts.
This policy will be reviewed and updated annually or after significant changes in the IT environment or business operations. Feedback from audits, incidents, and employees will be used to continually improve access control measures.