Sample Account Management Policy

  • April 2020




Account Management Policy (Version 1)

1. Overview

User/Network accounts control access to the company’s technology resources. They are critical to any IT security program, and the proper creation, control, and supervision of all User/Network accounts are vital.

2. Scope

This policy applies to all accounts (or any form of access that supports or requires a User/Network ID) on any system that resides at any company facility, has access to the company network, or stores any non-public company information.

3.

3. Policy

3.1. General

The ___ is responsible for ensuring that this policy is adhered to. All authorized users will be provided a unique User/Network account for their sole use. All accounts must be uniquely identifiable by an assigned user name. All accounts must have a password that complies with the Password Policy. Accounts will be administered by a Designated Account Administrator (DAA).

Five types of User/Network accounts are used by the company:

Individual Accounts

Individual accounts are the primary and preferred method of providing access to the company’s IT resources. Because each account belongs to one person, users are accountable for their actions and can be audited on the systems to which they have access rights. Individual users must adhere to the terms and conditions of use set forth in the company’s policies relating to technology, e-mail, the internet, and computers.

Administration (Privileged) Accounts

IT administrative and operational staff can be granted privileged accounts that permit elevated access rights for specific system or application support and maintenance. Generic or built-in privileged accounts (e.g., the Windows domain and local Administrator accounts) shall not be used for daily systems administration; an individually assigned company privileged account must be used instead, so that administrative actions remain attributable to a named person.

Application-Specific Accounts

An application-specific account controls access to an individual application available on the network. Access rights and privileges are programmed or configured within the application. These accounts must never be used for individual access to the network itself.

Guest Accounts

A guest account is an account with a generic ID rather than an individual User/Network ID (e.g., when a vendor is to be given access). Such accounts are intended for temporary use (5 days maximum) by a visitor who has been authorized by the designated account administrator or assistant. Guest accounts must be kept to a minimum. Their access is limited to a list of application programs, and they have, at most, restricted network access.

Group Accounts

A group account identifies a functional group or organization. It provides a group of users with a shared User/Network ID to access a common application or system. Group accounts are permitted only if:

  • There is a demonstrable need to provide “group” access because the overhead of individual accounts is not acceptable.
  • The number of applications accessible is kept to a minimum.

Group accounts are provided with the minimum access privileges required to meet business needs (e.g., read/write access is not given when read-only access will suffice). Group accounts will not be used to permit remote access. Group account owners are responsible for their correct use at all times, and must maintain a complete list of staff members that use the account.

Sample policy from AAA Technical Writing: Account Management Policy (Version 1)


3.2. Account Creation

A user’s manager, or, in the case of a new employee, HR, must submit a request for the creation of a new account to ___. A new user is not permitted, under any circumstances, to inherit the User/Network ID that was originally assigned to another user. Before access is given to an account, all users should be provided with the company’s policies concerning technology, e-mail, the Internet, and computers. All default passwords for accounts must be constructed in accordance with the Password Policy. The Designated Account Administrator or assistant shall:

  • Create the user ID, the account, and a temporary password, and
  • Retain the account’s associated request and approval documentation.

3.3. Account Management

The _____ must disable all new accounts that have not been accessed within 30 days of creation. Accounts of individuals on extended leave (more than 30 days) should be disabled. (Note: Exceptions can be made in cases where uninterrupted access to IT resources is required. In those instances, the individual going on extended leave must have a manager-approved exception request on file with the designated account administrator or assistant.) If an individual is assigned to another office for an extended period (more than 90 days), transfer the individual’s account(s) to the new office. (Note: To minimize disruption to the user, transfer the user’s local and network resources, e.g., Exchange mailbox and locally archived files, in a timely manner.)

Primary responsibility for account management belongs to the Designated Account Administrators. The DAA shall:

  • Modify user accounts in response to events such as name changes, accounting changes, permission changes, or office transfers,
  • Periodically review existing accounts for validity, and
  • Cooperate fully with an authorized security team that is investigating a security incident or performing an independent audit review.

3.4. Account Removal

A user’s manager must immediately notify __ or H.R. of changes in a user’s employment status (departure, extended leave, or the absence or departure of a contractor or consultant). The designated account administrator or assistant will then disable or remove all associated User/Network accounts.


The designated account administrator or assistant will:

  • Ensure that disabled User/Network IDs are not re-issued to another user.
  • Leave the associated network account disabled, rather than deleted, for 30 days so that an automatic reply can indicate that the person has left the company; remove the network account after 30 days.
  • Remove, after consultation with the user’s manager, redundant User/Network accounts that are no longer required.

4. Version History

  Number   Date             Approved by
  1        April 15, 2009   Blair Bolles

Related Documents