| Page Properties | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...
The Access Management Procedure for ecoPortal systems can be found in Appendix A to this policyfollows these steps:
Request Process:
1. Any individual requiring access or revocation to privileged information must submit a request or have a request submitted in writing to the designated personnel responsible for managing privileged information access.
2. The request should clearly outline the purpose and justification for accessing or revoking the access to the privileged information.
3. The request should also include the specific details of the information being requested if access is being granted, such as file names, database tables, or other relevant identifiers.
Approval and Authorization:
1. The request will be reviewed and approved by the designated personnel responsible for managing privileged information access.
2. The approval process may involve verifying the requester's need-to-know basis, ensuring compliance with relevant policies, and assessing potential risks associated with granting access.
3. Only authorized personnel with a legitimate business need will be granted access to the requested privileged information. All access will be granted based off the least privilege required.
4. The approval decision will be communicated to the requester in a timely manner.
Documentation:
1. All requests and approvals for privileged information access or revocation must be sufficiently documented/able to be provided for auditing purposes.
2. Any changes or updates to the access permissions should be properly recorded and documented.
User Responsibility for the Management of Secret Authentication Information
...