In the second part of the Toolkit Insider Series, we will be taking a closer look at the access control policy from our Cyber Essentials Toolkit. Find out below who is responsible for the policy, the benefits of having it in place and what you must consider when creating your user applications.
The Cyber Essentials Toolkit
Built on expert knowledge gained from numerous cyber security implementation projects, this toolkit includes work procedures and processes for ensuring that the controls you are implementing, according to the requirements of the scheme, are effective in delivering what they intend to do.
Access Control Policy
Who is responsible?
The Information Security Manager owns this document. They will need to get the policy approved by the board and ensure it is available for all members of staff. They are also responsible for getting the policy reviewed every time it is edited.
The benefits of an access control policy
An access control policy isn’t just a requirement for Cyber Essentials certification – a well-planned policy will help you comply with the GDPR (General Data Protection Regulation) and implement ISO 27001.
By having an access control policy, you can minimise the damage if an account is misused or stolen. If an issue occurs, the policy will help you make sure employees have enough access to software, online services and settings in order to be secure, and so that they can fulfil their daily tasks.
Inside our Access Control Policy
Here is a sample of our Access Control Policy, outlining what you need to take into account for each user application.
Next week we will be analysing the Controls Against Malicious Code Procedure template.
20% discount on all Cyber Essentials products
Throughout August, IT Governance Publishing is offering a 20% discount on all Cyber Essentials products, including the Cyber Essentials Toolkit. Just enter code CYBER20 at the checkout to receive your discount.
Interested in this document?
To purchase the Access Control Policy separately, please contact us at firstname.lastname@example.org.