An access control policy defines rules for keeping under control people's access to information and applications or access to physical premises and locations such as buildings, rooms, and the like. It ensures that the security is maintained through controlled processes of issuing, changing, monitoring and revoking permissions. Access authorization (login, access card, key) gives the employee the right to enter designated locations or information.
Why the Access Control Policy is important
- It defines who is allowed to enter somewhere and who is not allowed to enter and why
- Defines the processes of assigning or removing an access
- Having control over issued and taken away access is critical from a physical and cyber security perspective
What an access control policy typically contains
The access control directive is usually part of the security directive in the organization.
- Scope, purpose and goals of access control in an organization
- Organizational safety assurance
- Responsibilities of workers
- Processes for issuing, changing and withdrawing access
- Description of access rights to objects, buildings, rooms
- Emergency procedures when access is lost, stolen or broken
- Control processes
How Aptien helps with the Access Control Policy
- You keep the directive for access control in the policy organizer
- Employees see the access control policy in the policy portal
- You control who has been acknowledged with the access control policy
- Digital transmission will make it easier for you to issue or withdraw access
How to keep an access control policy
- You add an access control policy to the Policy Organizer
- Employees can see the guidelines on the guidelines portal
- They can get to know them digitally, confirm that they know them
- A policy manager or security manager has policy management available