IS/DPP for staff #5a - Access
-
Upload
tommy-vandepitte -
Category
Education
-
view
2 -
download
0
Transcript of IS/DPP for staff #5a - Access
- Internal -
IS/DPP Baseline Training
E-learning – Part 5 – Access
2- Internal - Page
There are “3rd Parties” and “3rd Parties”
Environment
Physical
HumanDevice
Application
Repository
Carrier
Changes• In the regulatory environment• In processes• In people (JLT)• In technology
Net
wor
k
Data
3rd Parties
But important roles as well for:
- HR
- Line Management / Sponsor
- All of Us
3- Internal - Page
“No contract, no data”
Prerequisite: Contract
4- Internal - Page
The Rule
5- Internal - Page
Request
Only ask those access rights you require.
If you no longer need access rights, inform IT or HR they can close them.
6- Internal - Page
Authorization
Authorization is function / role based (“need-to-know”).
Authorizations are not always equal to access rights.
7- Internal - Page
Access Rights
Access rights determine what you can see, not what you should look at in the context of your work (need-to-know). Your authorization and need-to-know always prevails on what you technically can.
Don’t use your access rights for private purposes, not even to look at your own data.
8- Internal - Page
Access Rights Are Precious
Perform all your activities with your personal user ID.
Your personal user ID is being used only by you and no one else.
Do not share your access rights.
2 mei 2023
9- Internal - Page
Behind the Curtains
When you join ABC Group or a new unit your authorizations and access rights may be requested by HR and/or your line management.
ABC Group is also working on a periodic review of access rights in a cooperation between you, your line management, HR, and the Information Asset Owners.
10- Internal - Page
Key Takeaways
You should only have access rights and use them as your job requires (need-to-know).
You should pro-actively (help) manage your access rights.
Your access rights are personal and should not be shared.
30 sec IS/DPP survival kit
Wra
p U
p