Does your organisation restrict employee access to business information based upon the principle of least privilege?

Yes.

Employees are granted access only to systems and resources required to complete their job functions. Administrative or other elevated permissions are strictly controlled and only granted when absolutely required. Generally, this privileged access is only granted to those in more senior roles, e.g. admin access to Commonplace platform infrastructure is only granted to the CPTO, Head of Technology and Tech Leads.

All access is recorded and reviewed on a regular basis (frequency is dependent on the criticality and sensitivity of the system and data) to ensure access remains in line with the restricted approach.

More information: https://commonplace.atlassian.net/l/cp/StpXL2W4

Does your organisation have an internal audit function that ensures information security requirements are being met by the business?

Yes. Our ISMS is audited annually, both internally and externally, along with other review mechanisms as part of our ISO27001 requirements.
