Document Version Control

Version | Date              | Description            | Author
1.0     | 01 September 2024 | Initial Policy Release | Oliver Hill

 

Contents

  1. Purpose
  2. Scope
  3. People
  4. Systems
  5. Physical Access
  6. Access Control Policy
    • Principles
    • Confidentiality Agreements
    • Role-Based Access & Unique Identifiers
  7. Access Authentication
    • Access Rights Review
    • Privileged Accounts/Administrator Accounts
    • Passwords
  8. User Account Provisioning
    • Leavers
    • Authentication
  9. Remote Access
    • Secure Remote Access
    • Third-Party Remote Access
  10. Monitoring and Reporting
  11. Policy Compliance
    • Compliance Measurement
    • Exceptions
    • Non-Compliance
  12. Continual Improvement

 

1. Purpose

This policy establishes the framework for managing and controlling access to Techwise Support’s information systems, ensuring that access is restricted to authorized users and aligns with business and security requirements.

 

2. Scope

This policy applies to all Techwise Support employees, contractors, and third-party vendors who require access to the company’s systems, data, and physical facilities.

 

3. People

All individuals with access to Techwise Support’s systems, including employees, contractors, and third-party vendors, are subject to this policy.

 

4. Systems

This policy applies to all information systems, applications, databases, networks, and physical resources owned or managed by Techwise Support.

 

5. Physical Access

Access to Techwise Support’s physical locations is controlled and restricted to authorized personnel. Facilities are equipped with security measures such as keycards, ID badges, and surveillance systems.

 

6. Access Control Policy

Principles

Access to systems and data is based on the principles of least privilege, need-to-know, and role-based access control (RBAC).

 

Confidentiality Agreements

All employees and third parties must sign confidentiality agreements before being granted access to sensitive data.

 

Role-Based Access & Unique Identifiers

Access is granted based on user roles, with each user assigned a unique identifier for tracking and auditing purposes.

 

7. Access Authentication

Access Rights Review

Access rights are reviewed periodically to ensure they are still appropriate for the user’s role.

Privileged Accounts/Administrator Accounts

Privileged accounts are restricted to authorized personnel only, and their use is closely monitored.

Passwords

Passwords must meet complexity requirements and be changed regularly. Multi-factor authentication (MFA) is required for access to critical systems.

 

8. User Account Provisioning

Leavers

Access for employees leaving the company or changing roles must be revoked or adjusted promptly.

Authentication

All users must authenticate through secure methods, including MFA, when accessing Techwise Support systems.

 

9. Remote Access

Secure Remote Access

Remote access is permitted only through secure, encrypted connections, such as VPNs.

Third-Party Remote Access

Third-party access is granted on a need-to-know basis, with all actions monitored and logged.

 

10. Monitoring and Reporting

Access logs are continuously monitored, and suspicious activities are flagged for review. Regular audits are conducted to ensure compliance with this policy.

 

11. Policy Compliance

Compliance Measurement

Compliance with this policy is measured through regular audits and monitoring.

Exceptions

Any exceptions to this policy must be approved by senior management and documented.

Non-Compliance

Non-compliance with this policy may result in disciplinary action, including termination of employment or contracts.

 

12. Continual Improvement

This policy will be reviewed and updated annually or after significant changes in the IT environment or business operations. Feedback from audits, incidents, and employees will be used to continually improve access control measures.