The objective of this policy is to set the framework and regulations for controlling the logical access of users (employees and third-parties) to the Company information systems.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3.1 GENERAL ISSUES
3.2 USER IDENTIFICATION AND AUTHENTICATION
3.3 USER AUTHENTICATION MECHANISMS
3.4 USER ACCOUNT / NAME MANAGEMENT
3.5 PASSWORD MANAGEMENT
3.6 ADDITIONAL SECURITY CONTROLS FOR PRIVILEGED USERS
3.7 USER PRIVILEGES MANAGEMENT
3.8 OTHER ACCESS CONTROL MEASURES
5. FINAL CONSIDERATIONS
5.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
5.2 DOCUMENT REVISION
The objective of the Password Security Policy is to establish the minimum rules and requirements that must be enforced in order to ensure that strong passwords are created and protected by all Company’s users and systems.
The Remote Access Policy was developed by the Company in order to define a common minimum baseline level of security for the provision of access to Company’s systems from external locations (remote access connections used to do work on behalf of Company.