(7.1) Procedures for data control must be maintained by each department and must incorporate the following:

• Access rights to privileged User IDs are restricted to least privileges necessary to perform job responsibilities
• Assignment of privileges is based on individual personnel’s job classification and function
• Requirement for an authorization form signed by management that specifies required privileges
• Implementation of an automated access control system

Posted in Policy |