...
| Expand | ||
|---|---|---|
| ||
Does your organisation have a documented process for provisioning user accounts for all of your IT services that includes appropriate authorisation and secure account creation with unique user IDs? We have an access control procedure that requires all requests to be submitted via a centralised channel that is overseen by the CEO, CPTO and InfoSec Officer. Approval for account creation is given by one of these roles (typically CPTO) and actioned by an appropriately authorised individual. More information: https://commonplace.atlassian.net/l/cp/epDzN51a |
| Expand | ||
|---|---|---|
| ||
Does your organisation enforce multi-factor authentication (aka MFA and sometimes referred to two factor authentication, 2FA) on all remotely accessible services (both within your internal IT systems and on third party services)? Where available, MFA is in use for our systems and enforced on all critical systems such as AWS. If MFA is unavailable, we will always seek to use Single Sign On via Google. If neither MFA nor Single Sign On is available, employees are required to store unique and complex passwords in their 1Password application. For the Commonplace product, two factor authentication is in place for account creation via a personalised link in invitation email, but not on login. A new multi-factor authentication solution is on the roadmap and will be developed in the future. |
...