WHY IS ACCESS CONTROL IMPORTANT?

Access controls limit who can reach information and the systems that process it. Implemented effectively, they reduce the risk of information being accessed without proper authorisation or unlawfully, and so the risk of a data breach. They apply wherever access is needed to perform a business activity and should be followed when accessing information in any format, on any device.

In practice it is not uncommon for access to information to be overly restrictive, resulting in information silos. Whilst a focus on security and privacy is obviously needed to protect business information and meet data protection legislation obligations, there must also be a balance with accessibility. Opening up information assets supports collaboration and innovation, and in our experience supports successful eDRMS (electronic document and records management system) projects.

To implement an effective access control environment, we recommend that the following six areas be given careful consideration:

1. ACCESS CONTROL PRINCIPLES

Guiding principles that provide rules for all implementations of access to networks, systems, information, and data. This can include principles relating to:

  • Access approval by a registered owner (e.g. an information, business, or system owner)
  • The sharing of personal data
  • Role and group-based access

2. WHO DETERMINES ACCESS?

Which roles understand and approve access requests? Do you have named Information Asset Owners? In practice, will they delegate responsibility for determining access to a Line Manager?

3. WHO ENSURES APPROPRIATE ACCESS IS IMPLEMENTED?

Is this your helpdesk? Do you have Information Champions who can ensure access is implemented correctly and that it is appropriate?

4. HOW ACCESS WILL BE DOCUMENTED

Access controls must be documented to provide evidence of the controls implemented. This can be in an Information Asset Register, a helpdesk system, or even Active Directory group membership itself, provided that record is kept current.

5. HOW THE ACCESS CONTROLS WILL BE IMPLEMENTED

Do you have a Business Classification Scheme or an eDRMS that will support the implementation of access controls? Do your new starter, transfer, and leaver processes ensure access is set up, amended, or revoked where and when necessary?

6. PERIODIC AUDIT PROCEDURE

Access controls should be audited periodically to confirm that the access actually in place matches both what is needed and what is documented. Would this be done by your helpdesk, or by the owners themselves?
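The periodic audit in area 6 is, at its core, a reconciliation of areas 4 and 5: what the register says was approved, against what the directory actually grants, against who HR says still works here. The following is an added example, not code from the original post; it reconciles a constructed asset register against a constructed directory export and leaver list. The field names (`owner`, `groups`, the group and account names) are assumptions for illustration, not any product's schema.

```python
"""Reconcile documented access against actual group membership.

Added example for a periodic access audit. All data below is constructed
sample input; the register layout and group/account names are assumptions.
"""
from dataclasses import dataclass


# Constructed sample: the Information Asset Register. For each asset, the
# registered owner and, per group, the accounts the owner has approved.
REGISTER = {
    "HR-Records": {"owner": "alice",
                   "groups": {"GRP-HR-Readers": {"bob", "carol"}}},
    "Finance-Ledger": {"owner": "dave",
                       "groups": {"GRP-FIN-Editors": {"erin"}}},
}

# Constructed sample: a directory export (e.g. AD group membership as found).
DIRECTORY_GROUPS = {
    "GRP-HR-Readers": {"bob", "carol", "frank"},  # frank was never approved
    "GRP-FIN-Editors": set(),                      # erin approved, not provisioned
    "GRP-LEGACY-Share": {"bob"},                   # group no asset owner claims
}

# Constructed sample: accounts the leaver process says should be gone.
LEAVERS = {"frank"}


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"
    asset: str      # asset from the register, or "-" if unowned
    group: str
    account: str    # "-" for group-level findings
    detail: str


def reconcile(register, directory, leavers):
    """Return findings in deterministic order: per asset, then unowned groups.

    A member present in the directory but absent from the register is an
    unapproved grant; if that account is also a leaver, revocation failed and
    the finding is high. An approved account missing from the directory is a
    provisioning gap (low). A directory group that no asset claims has no
    owner to recertify it (medium).
    """
    findings = []
    owned_groups = set()
    for asset, entry in register.items():
        for group, approved in entry["groups"].items():
            owned_groups.add(group)
            actual = directory.get(group, set())
            for acct in sorted(actual - approved):
                if acct in leavers:
                    findings.append(Finding("high", asset, group, acct,
                                            "leaver still a member"))
                else:
                    findings.append(Finding("medium", asset, group, acct,
                                            "member without recorded approval"))
            for acct in sorted(approved - actual):
                findings.append(Finding("low", asset, group, acct,
                                        "approved but not provisioned"))
    for group in sorted(set(directory) - owned_groups):
        findings.append(Finding("medium", "-", group, "-",
                                "group not in register, no owner to recertify"))
    return findings


def recertification_packets(register, findings):
    """Group findings by the owner who must sign them off.

    Findings on unowned groups go under "unassigned" so they are not lost.
    """
    owner_of_asset = {asset: e["owner"] for asset, e in register.items()}
    packets = {}
    for f in findings:
        owner = owner_of_asset.get(f.asset, "unassigned")
        packets.setdefault(owner, []).append(f)
    return packets


if __name__ == "__main__":
    for owner, items in recertification_packets(
            REGISTER, reconcile(REGISTER, DIRECTORY_GROUPS, LEAVERS)).items():
        print(f"== recertify: {owner}")
        for f in items:
            print(f"  [{f.severity}] {f.group} {f.account}: {f.detail}")
```

Run against a real export, the value is in the three asymmetries: directory-minus-register (over-provisioning, and the leaver case is the one to escalate), register-minus-directory (the documentation claims a control that is not actually enforced), and groups nobody owns (nobody will ever recertify them).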

Access controls are an essential part of an information security framework. Reviewing these six areas will give your organisation a solid foundation for controlling user access to information and systems that meets your legislative, statutory, regulatory, and contractual requirements.

If you would like to know how to go about articulating access controls in a model or policy, get in touch with Electrical Service Professionals!
