What does information access control mean?
Information access control means managing, monitoring and updating who has access to which data or systems. People log into the systems using their logins or another form of digital identity. The company must be sure that each person is assigned the correct authorization and that it is not shared with others. This applies to both employees and, for example, external workers, third parties or customers. Improperly set permissions lead to unauthorized access to information and may result in a breach of confidentiality.
How can the access to the information be controlled?
- by technical means such as passwords, logins and the like
- legal means such as contracts, NDAs, enforcement by policy or regulation
- if the information is in paper form, you limit access by entering the premises where the papers are
How Aptien can help with information access control
In practice, access management in organizations fails especially when assigning, changing (they are not done legally) or removing authorization (authorization is not removed). It is mainly about the processes of starting and leaving an employee