Access Rights

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

Access rights (also called permissions or privileges) are rules that define who can use a computer system and what they’re allowed to do. They control access to things like files, folders, and applications. For example, a user might have the right to read a file but not to change or delete it. This helps keep data safe and private.

Examples

Imagine a shared school computer. The teacher has full access rights, so they can add or remove student accounts and change grades. Students have limited access rights. They can open and save their own homework files but can’t change the teacher’s files or install new programs. A company’s HR department might have access to employee salary data, but regular employees don’t.

Context

Access rights are a core part of computer security. They ensure that only authorised people can see or change important information. This is crucial for protecting against data theft, accidental changes, and misuse of systems. By assigning specific rights to users or groups, an organisation can maintain control and accountability.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to access rights:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.