Access Control Policy

What an Access Control policy contains, how to write it and a downloadable template.

What is the Access Control Policy?

The ISO 27001 access control policy ensures the correct access to the correct information and resources by the correct people. In this policy you want to cover confidentiality agreements being required to access systems, and access to systems being role based, in that the role defines the access. One user, one ID: access identifiers are unique so that you can control access and also identify who has performed what action. The review of access rights on a periodic basis is included to ensure users are current and that the access levels are appropriate. The use of administrator and privilege accounts, and the additional considerations for these accounts, is included. The policy on passwords is considered, including how they are set and communicated, and the password complexity. How you manage starters, leavers and movers is covered, as is monitoring and reporting of access. Remote access and third-party access are included.

Access Control Policy Contents

Document Version Control
Document Contents Page
Purpose
Scope
People
Systems
Physical Access
Access Control Policy
Principle
Confidentiality Agreements
Role Based Access
Unique Identifier
Access Authentication
Access Rights Review
Privilege Accounts / Administrator Accounts
Passwords
User Account Provisioning
Leavers
Authentication
Remote Access
Third Party Remote Access
Monitoring and Reporting
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement
