Principle of Least Privilege

Owned by Roxy Sanchez
Dec 09, 2022
1 min read

Does your organisation restrict employee access to business information based upon the principle of least privilege?

Yes.

Employees are granted access only to systems and resources required to complete their job functions. Administrative or other elevated permissions are strictly controlled and only granted when absolutely required. Generally, this is privileged access is only granted to those in more senior roles. eg. admin access to Commonplace platform infrastructure is only granted to the CPTO, Head of Technology and Tech Leads.

All access is recorded and reviewed on a regular basis (frequency is dependent on the criticality and sensitivity of the system and data) to ensure access remains in line with the restricted approach.