Policy 7230A - Department of Administration
4.2.1.2 Review User Accounts and Account Permissions
Perform user account review at a pre-determined interval to ensure that users are provided with appropriate accounts and account permissions:
• Validate each system user’s positional role within the organization.
• Review system accounts and account permissions for each user.
• Validate that each user’s account and account permissions meet the requirements established by positional role.
4.2.1.3 Update Accounts to Reflect Change in Requirements
Should account review determine that users have insufficient accounts or account permissions, the required accounts and/or permissions must be provided:
• Where accounts exist but permissions are insufficient, modify the account to include appropriate permissions as per the requirements of the positional role.
• Where accounts do not exist, create accounts with appropriate permissions as per the requirements of the positional role.
• Review created accounts and assigned permissions to ensure they meet the requirements of the positional role.
4.2.1.4 Disable and Remove Extraneous Accounts and Permissions
Should account review determine that users have inappropriate accounts or account permissions, those accounts and/or permissions must be rescinded:
• Eliminate extraneous permissions in allowed accounts.
• Revoke access to, and eliminate permissions in, extraneous accounts.
• Review system logs to catalogue the activity of the account.
• Assign short-term access with review-only privileges to the user’s immediate manager to allow for investigation and review of any data that may have been created/modified.
• At the request of the account assignee, provide copies of any data exclusively owned by the account to the account assignee.
• Upon completion of all review and investigation, permanently delete any extraneous accounts.