...
| Expand | ||
|---|---|---|
| ||
Does your organisation have a process for editing or removing employee access to systems and information (whether digital or physical) when they are changing role or leaving the organisation? Yes. We have an offboarding process for all leavers which includes removing access to systems and information when they leave. When an employee changes role, we also review their access rights. More information: https://commonplace.atlassian.net/l/cp/h1Jccs9A |
| Expand | ||
|---|---|---|
| ||
Does your organisation have a documented process for provisioning user accounts for all of your IT services that includes appropriate authorisation and secure account creation with unique user IDs? We have an access control procedure that requires all requests to be submitted via a centralised channel that is overseen by the CEO, CPTO and InfoSec Officer. Approval for account creation is given by one of these roles (typically CPTO) and actioned by an appropriately authorised individual. |
...