- Internal -

IS/DPP Baseline Training

E-learning – Part 5 – Access

2- Internal - Page

There are “3rd Parties” and “3rd Parties”

Environment

Physical

HumanDevice

Application

Repository

Carrier

Changes• In the regulatory environment• In processes• In people (JLT)• In technology

Net

wor

k

Data

3rd Parties

But important roles as well for:

- HR

- Line Management / Sponsor

- All of Us

3- Internal - Page

“No contract, no data”

Prerequisite: Contract

4- Internal - Page

The Rule

5- Internal - Page

Request

Only ask those access rights you require.

If you no longer need access rights, inform IT or HR they can close them.

6- Internal - Page

Authorization

Authorization is function / role based (“need-to-know”).

Authorizations are not always equal to access rights.

7- Internal - Page

Access Rights

Access rights determine what you can see, not what you should look at in the context of your work (need-to-know). Your authorization and need-to-know always prevails on what you technically can.

Don’t use your access rights for private purposes, not even to look at your own data.

8- Internal - Page

Access Rights Are Precious

Perform all your activities with your personal user ID.

Your personal user ID is being used only by you and no one else.

Do not share your access rights.

2 mei 2023

9- Internal - Page

Behind the Curtains

When you join ABC Group or a new unit your authorizations and access rights may be requested by HR and/or your line management.

ABC Group is also working on a periodic review of access rights in a cooperation between you, your line management, HR, and the Information Asset Owners.

10- Internal - Page

Key Takeaways

You should only have access rights and use them as your job requires (need-to-know).

You should pro-actively (help) manage your access rights.

Your access rights are personal and should not be shared.

30 sec IS/DPP survival kit

Wra

p U

p