Maintain technical, logical, and administrative controls designed to limit access and adhere to the “principle of least privilege”
Restrict logical access to client data to authorised users, based on a specific business need and following approval by designated systems owners
Maintain access management policies and practices that require prompt termination of access after termination or reassignment of an employee or system end-user
Restrict access to system resources to authorised employees with valid multi-factor authentication (MFA) tokens over an encrypted virtual private network (VPN) connection
Ensure passwords meet minimum character length and complexity requirements, and limit the number of attempts to enter a password before the user ID is suspended
Maintain technical controls and audit policies to ensure that all system access and technology changes are logged and traceable against unique user IDs