...
Does your organisation enforce multi-factor authentication (MFA, sometimes referred to as two-factor authentication or 2FA) on all remotely accessible services (both within your internal IT systems and on third-party services)?

Where available, MFA is in use for our systems and enforced on all critical systems such as AWS. If MFA is unavailable, we will always seek to use Single Sign On via Google. If neither MFA nor Single Sign On is available, employees are required to store unique and complex passwords in their 1Password application. For the Commonplace product, two-factor authentication is in place for account creation via a personalised link in the invitation email, but not on login. A new multi-factor authentication solution is on the roadmap and will be developed in the future. More information: https://commonplace.atlassian.net/l/cp/DvBykkLj

Are privileged access accounts, and accounts of a sensitive nature, subject to a higher level of authorisation than user accounts before being provisioned?

For employees, all access requests require approval before account creation, which also applies to privileged and sensitive accounts. Approval will only be granted to appropriate employees. Regular training on both information security and data protection is delivered as eLearning, with tests to ensure understanding. Further resources are provided via our intranet service. For customers, all access requests require an invitation from their Commonplace Customer Success Manager or from an existing Admin or Lead Admin on the customer account.
...