Access Control Policy
Version: 1.4 | Owner: IT Security | Classification: Internal
Principles
All access rights must be granted on a need-to-know basis (principle of least privilege). Access reviews are conducted quarterly by department managers.
Joiner / Mover / Leaver
| Event | Action | Timeline |
|---|---|---|
| Joiner | Provisioning ticket to IT | Before first day |
| Internal move | Access review with old and new manager | Within 5 working days |
| Leaver | Immediate revocation | Within 2 hours of exit |
Privileged access
All privileged accounts require:
- Separate named account (no shared admin accounts)
- Approval from department head + CISO
- Annual re-certification
- Session recording in CyberArk