
Does your organisation regularly audit employee access rights for all IT services (whether internal or third party based)?

Yes. Each service is on an automated schedule for access rights reviews. Depending on the level of risk associated with each service, reviews take place 1x, 2x or 4x per year.

Services like AWS are reviewed quarterly, and services like Adobe (which holds no confidential or personal information) are reviewed annually.

More information: https://commonplace.atlassian.net/l/cp/6MA9BJ9F


Does your organisation use Privileged Access Management controls to securely manage the use of privileged accounts for system administration?

Only IT admins have administrative access on employee machines. Employees may sometimes be granted permission to perform advanced tasks as an admin, but the access is revoked automatically after a given time.
